logstash indexer和shipper的配置

[elk@zjtest7-frontend config]$ cat logstash_agent.conf input {        file {                type => "zj_nginx_access"                path => ["/rsyslog/data/nginx/zjzc/nginx_access0*_log.*"]                ignore_older => 87400        }           file {                 type => "uat_nginx_access"                 path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]                 ignore_older => 87400         }  }filter {    grok {        match => {            "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""        }    }   }output {     if [type] == "zj_nginx_access" {         redis {                host => "192.168.32.67"                data_type => "list"                key => "zj_nginx:redis"                port=>"6379"                password => "1234567"        }}      else if [type] == "uat_nginx_access"{       redis {                 host => "192.168.32.67"                 data_type => "list"                 key => "uat_nginx:redis"                 port=>"6379"                 password => "1234567"         } }} indexer.conf:input {        redis {                host => "192.168.32.67"                data_type => "list"                key => "zj_nginx:redis"                password => "1234567"                port =>"6379"        }        redis {                host => "192.168.32.67"                data_type => "list"                key => "uat_nginx:redis"                password => "1234567"                port =>"6379"        }}output {      if   [type] == "zj_nginx_access"{         elasticsearch {                hosts => "192.168.32.80:9200"                index => "logstash-zjzc-nginx-%{+YYYY.MM.dd}"        }stdout {codec => rubydebug}      }        else if  [type] == "uat_nginx_access"{      elasticsearch {                hosts => "192.168.32.81:9200"                index => "logstash-uat-nginx-%{+YYYY.MM.dd}"        }                stdout {                        codec => rubydebug                }     }} redis消息里有type字段；127.0.0.1:6379> LPOP "zj_nginx:redis""{\"message\":\" 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:12:58 +0800] \\\"GET / HTTP/1.1\\\" - 200 30626 \\\"-\\\" \\\"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\\\" 0.000 -\",\"@version\":\"1\",\"@timestamp\":\"2016-08-22T14:10:55.846Z\",\"path\":\"/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22\",\"host\":\"0.0.0.0\",\"type\":\"zj_nginx_access\",\"tags\":[\"_grokparsefailure\"]}"{       "message" => " 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:18:58 +0800] \"GET / HTTP/1.1\" - 200 30626 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.000 -",      "@version" => "1",    "@timestamp" => "2016-08-22T14:16:55.738Z",          "path" => "/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22",          "host" => "0.0.0.0",          "type" => "zj_nginx_access",          "tags" => [        [0] "_grokparsefailure"    ]}{       "message" => " 121.40.189.90:8001 121.40.189.90 120.26.44.206 [22/Aug/2016:22:14:13 +0800] \"GET / HTTP/1.1\" - 200 30338 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.001 -",      "@version" => "1",    "@timestamp" => "2016-08-22T14:17:04.110Z",          "path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-22",          "host" => "0.0.0.0",          "type" => "uat_nginx_access",          "tags" => [        [0] "_grokparsefailure"    ]}