https://www.rosehosting.com/blog/install-and-configure-the-elk-stack-on-ubuntu-16-04/

https://www.elastic.co/guide/en/logstash/current/configuration.html

https://dotblogs.com.tw/supershowwei/2016/05/25/185741

install finish

1、/etc/logstash/conf.d/    put some logstash conf

2、ubuntu have logstash listen error, so nano /etc/logstash/startup.options
LS_USER = root

3、/usr/share/logstash/bin# ./system-install        reuse LS_USER for config

注意:

 mutate {
        add_field => {
            “logTime” => “%{+YYYY-MM-dd} %{time}”
        }