Logstash indexer and shipper configuration
Source: Internet | Editor: 程序博客网 | Time: 2024/06/05 09:42
[elk@zjtest7-frontend config]$ cat logstash_agent.conf
# Shipper: tail the nginx access logs and tag each source with its own type
input {
  file {
    type => "zj_nginx_access"
    path => ["/rsyslog/data/nginx/zjzc/nginx_access0*_log.*"]
    ignore_older => 87400
  }
  file {
    type => "uat_nginx_access"
    path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]
    ignore_older => 87400
  }
}
filter {
  grok {
    match => { "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\"" }
  }
}
# Push each type onto its own Redis list
output {
  if [type] == "zj_nginx_access" {
    redis {
      host => "192.168.32.67"
      data_type => "list"
      key => "zj_nginx:redis"
      port => "6379"
      password => "1234567"
    }
  } else if [type] == "uat_nginx_access" {
    redis {
      host => "192.168.32.67"
      data_type => "list"
      key => "uat_nginx:redis"
      port => "6379"
      password => "1234567"
    }
  }
}

indexer.conf:
# Indexer: read both Redis lists and route by type to Elasticsearch
input {
  redis {
    host => "192.168.32.67"
    data_type => "list"
    key => "zj_nginx:redis"
    password => "1234567"
    port => "6379"
  }
  redis {
    host => "192.168.32.67"
    data_type => "list"
    key => "uat_nginx:redis"
    password => "1234567"
    port => "6379"
  }
}
output {
  if [type] == "zj_nginx_access" {
    elasticsearch {
      hosts => "192.168.32.80:9200"
      index => "logstash-zjzc-nginx-%{+YYYY.MM.dd}"
    }
    stdout { codec => rubydebug }
  } else if [type] == "uat_nginx_access" {
    elasticsearch {
      hosts => "192.168.32.81:9200"
      index => "logstash-uat-nginx-%{+YYYY.MM.dd}"
    }
    stdout { codec => rubydebug }
  }
}

The Redis message contains the type field:

127.0.0.1:6379> LPOP "zj_nginx:redis"
"{\"message\":\" 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:12:58 +0800] \\\"GET / HTTP/1.1\\\" - 200 30626 \\\"-\\\" \\\"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\\\" 0.000 -\",\"@version\":\"1\",\"@timestamp\":\"2016-08-22T14:10:55.846Z\",\"path\":\"/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22\",\"host\":\"0.0.0.0\",\"type\":\"zj_nginx_access\",\"tags\":[\"_grokparsefailure\"]}"

{
       "message" => " 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:18:58 +0800] \"GET / HTTP/1.1\" - 200 30626 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.000 -",
      "@version" => "1",
    "@timestamp" => "2016-08-22T14:16:55.738Z",
          "path" => "/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22",
          "host" => "0.0.0.0",
          "type" => "zj_nginx_access",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
{
       "message" => " 121.40.189.90:8001 121.40.189.90 120.26.44.206 [22/Aug/2016:22:14:13 +0800] \"GET / HTTP/1.1\" - 200 30338 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.001 -",
      "@version" => "1",
    "@timestamp" => "2016-08-22T14:17:04.110Z",
          "path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-22",
          "host" => "0.0.0.0",
          "type" => "uat_nginx_access",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
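Every event shown on this page carries the `_grokparsefailure` tag, so the parsed fields (status code, client address, user agent) never reach Elasticsearch. The Python sketch below is an added example, not part of the original post: it approximates the shipper's grok expression with plain regular expressions to show that it does not match the sample message, next to a pattern that follows the sample's actual layout. The names `addr1` to `addr3` and `field_a` to `field_c` are placeholders, because the page does not show the nginx `log_format`.

```python
import re

# "message" value copied from the rubydebug output shown on this page.
SAMPLE = (' 120.26.44.206:8001 120.26.44.206 120.26.44.206 '
          '[22/Aug/2016:22:18:58 +0800] "GET / HTTP/1.1" - 200 30626 "-" '
          '"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 '
          'zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 0.000 -')

# Simplified stand-ins (assumption) for the IPORHOST, HTTPDATE and NUMBER grok patterns.
HOST = r'[0-9A-Za-z.:-]+'
DATE = r'\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}'
NUM = r'\d+(?:\.\d+)?'

# Same field order as the grok expression in logstash_agent.conf.
# Grok is unanchored, so search() is used rather than match().
PAGE = re.compile(
    rf'(?P<clientip>{HOST}) \[(?P<time>{DATE})\] '
    rf'"(?P<verb>\w+) (?P<request>\S+) HTTP/(?P<httpversion>{NUM})" '
    rf'(?P<http_status_code>{NUM}) (?P<bytes>{NUM}) '
    r'"(?P<http_referer>\S+)" "(?P<http_user_agent>\S+)" '
    r'"(?P<http_x_forwarded_for>\S+)"')

# Layout the sample really has: three address columns before the timestamp,
# an extra column between the request and the status, a user agent that
# contains spaces, and two unquoted trailing columns.
ACTUAL = re.compile(
    rf'^\s*(?P<addr1>{HOST}) (?P<addr2>{HOST}) (?P<addr3>{HOST}) '
    rf'\[(?P<time>{DATE})\] '
    rf'"(?P<verb>\w+) (?P<request>\S+) HTTP/(?P<httpversion>{NUM})" '
    rf'(?P<field_a>\S+) (?P<http_status_code>\d{{3}}) (?P<bytes>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'(?P<field_b>\S+) (?P<field_c>\S+)$')

def parse(pattern, line):
    """Return the named fields, or None (the _grokparsefailure case)."""
    m = pattern.search(line)
    return m.groupdict() if m else None

if __name__ == '__main__':
    print('page pattern  :', parse(PAGE, SAMPLE))
    print('actual layout :', parse(ACTUAL, SAMPLE))
```

Once the column meanings are confirmed against the nginx `log_format`, the same layout can be carried back into the grok `match` with real field names.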