logstash 根据type 判断输出
来源:互联网 发布:单片机按键电路的作用 编辑:程序博客网 时间:2024/06/05 08:44
# 更多ELK资料请访问 http://devops.taobao.com一、配置前需要注意:1.Use chmod to modify nginx log file privilege. E.g. chmod 664 access.log2.Modify /etc/default/logstash => LS_USER field to change logstash user, e.g. root--------------------------------------------------------------------------二、logstash配置文件:input { file { type => "nginx-access" path => "/var/nginx/access.log" # MODIFY REQUIRED! point to nginx access.log file start_position => beginning # read file from beginning, instead of from end as default ignore_older => 0 # do not ignore old file } file { type => "nginx-error" path => "/var/nginx/error.log" # MODIFY REQUIRED! point to nginx error.log file start_position => beginning ignore_older => 0 }}filter { # separate parsing for nginx access and error log if [type] == "nginx-access" { # default nginx access log pattern (nginx 1.4.6). You may change it if it doesn't fit grok { match => { "message" => "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}" } } } else if [type] == "nginx-error" { # default nginx error log pattern (nginx 1.4.6). You may change it if it doesn't fit (but ensure "clientip" field) grok { match => [ "message" , "(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: (?<clientip>%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:server}?)(?:, request: %{QS:request})?(?:, upstream: (?<upstream>\"%{URI}\"|%{QS}))?(?:, host: %{QS:request_host})?(?:, referrer: \"%{URI:referrer}\")?"] } } # add geo-location info geoip { source => "clientip" }}output { # output to local Elasticsearch server as index, separated by log type and date elasticsearch { hosts => ["127.0.0.1"] index => "%{type}-%{+YYYY.MM.dd}" }}--------------------------------------------------------------------------github地址:https://github.com/adventure-yunfei/ELK-for-nginx-log 0 0
- logstash 根据type 判断输出
- logstash 通过type判断
- Logstash type来标记事件类型,通过type判断
- logstash输出日志到elasticsearch,index和type如何动态赋值?
- logstash 条件判断语句
- logstash 发送zabbix 给消息加上type
- 根据字符串获取Type
- logstash输出到elasticsearch多索引
- ELK测试笔记-filebeat输出到logstash
- logstash配置文件多输入和多输出
- ELK中的logstash启动后无输出
- logstash kafka output 输出原始数据格式
- 坑爹的logstash条件判断
- 根据输入的字符串,判断并输出有效的字符串的长度,和该字符串。vc++
- php和织梦获取顶级域名 ,根据判断输出指定文字
- Logstash
- LogStash
- Logstash
- Lodash 中 assign,extend 和 merge 的区别
- 机器学习常见算法概述
- Retrofit+OKhttp+RxJava框架的封装
- Android APP反编译
- MyBatis Generator自动创建SSM框架mapping pojo dao包下的代码详解
- logstash 根据type 判断输出
- 20160822,新的团队,新的起点,自力更生
- Decorator模式(装饰模式 结构型)
- 【挖坑记】JZOJ 4722 跳楼机
- mysql分别对分一组的数据进行更新
- [二维树状数组] codeforces 707E. Garlands
- JDBC学习入门
- UVA 1608 Non-boring sequence
- 每日一linux命令(56)-------watch命令
