ELK: log collection
Published: 2020-12-17 04:05:12  Category: Encyclopedia  Source: compiled from the web
Syntax format

In Logstash each line is an event. Processing flow: event -> input -> codec -> filter -> codec -> output

    input {
      # comment
      stdin { }
    }
    # the filter block may be omitted
    filter { }
    output {
      elasticsearch {
        hosts => ["ip:9200"]
        # MM = month, dd = day of month
        index => "test-%{+YYYY.MM.dd}"
      }
      stdout { codec => "rubydebug" }
    }

rsyslog log collection

    input {
      file {
        path => ["/var/log/messages", "/var/log/secure"]
        type => "system-log"
        start_position => "beginning"
      }
    }
    filter { }
    output {
      elasticsearch {
        hosts => ["ip:9200"]
        index => "system-log-%{+YYYY.MM}"
      }
    }

Elasticsearch log collection

    input {
      file {
        path => ["/var/log/messages", "/var/log/secure"]
        type => "system-log"
        start_position => "beginning"
      }
      file {
        path => "/var/log/elasticsearch/es.log"
        type => "es-log"
        start_position => "beginning"
        # lines that do not start with "[" (e.g. stack traces) are
        # appended to the previous event
        codec => multiline {
          pattern => "^\["
          negate => true
          what => "previous"
        }
      }
      syslog {
        type => "system-syslog"
        port => 514
      }
    }
    filter { }
    output {
      # route each event type to its own index
      if [type] == "system-log" {
        elasticsearch {
          hosts => ["ip:9200"]
          index => "system-log-%{+YYYY.MM}"
        }
      }
      if [type] == "es-log" {
        elasticsearch {
          hosts => ["ip:9200"]
          index => "es-log-%{+YYYY.MM}"
        }
      }
      if [type] == "system-syslog" {
        elasticsearch {
          hosts => ["ip:9200"]
          index => "system-syslog-%{+YYYY.MM}"
        }
      }
      stdout { codec => "rubydebug" }
    }

TCP log collection

    input {
      tcp {
        type => "tcp"
        port => "6666"
        mode => "server"
      }
    }
    output {
      stdout { codec => rubydebug }
    }

(Editor: 李大同)
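How the multiline codec settings in the Elasticsearch log input (bracket escaped as `^\[`, `negate => true`, `what => "previous"`) fold a stack trace into the event that precedes it. This is an added Python simulation of the codec's grouping rules, not Logstash's own code and not from the original page; it also covers `what => "next"`. The function name `multiline` and the log lines in `SAMPLE` are constructed for illustration.

```python
import re


def multiline(lines, pattern, negate=False, what="previous"):
    """Group raw lines into events following the codec's three settings.

    A line "matches" when the regex is found in it; negate inverts that.
    what="previous": a matching line is appended to the event before it.
    what="next":     a matching line is held and joined with the line after it.
    """
    if what not in ("previous", "next"):
        raise ValueError("what must be 'previous' or 'next'")
    rx = re.compile(pattern)
    events, buf = [], []
    for line in lines:
        match = bool(rx.search(line)) != negate
        if what == "previous":
            if not match and buf:      # a new event starts: flush the old one
                events.append("\n".join(buf))
                buf = []
            buf.append(line)
        else:
            buf.append(line)
            if not match:              # this line ends the pending event
                events.append("\n".join(buf))
                buf = []
    if buf:                            # flush whatever is still buffered
        events.append("\n".join(buf))
    return events


# Constructed sample in the style of es.log (not real log data).
SAMPLE = [
    "[2020-12-17T04:05:12,101][INFO ][o.e.n.Node] [node-1] started",
    "[2020-12-17T04:05:13,220][WARN ][o.e.b.Bootstrap] [node-1] uncaught exception",
    "java.lang.IllegalStateException: constructed sample",
    "\tat org.example.Constructed.run(Constructed.java:1)",
    "[2020-12-17T04:05:14,000][INFO ][o.e.c.Service] [node-1] recovered",
]


def group_es_log(lines=SAMPLE):
    # Same settings as the es-log file input: pattern "^\[", negate, previous.
    return multiline(lines, r"^\[", negate=True, what="previous")


if __name__ == "__main__":
    for i, event in enumerate(group_es_log(), 1):
        print(f"--- event {i} ---\n{event}")
```

Without the codec, each of the five lines would be indexed as its own event and the WARN entry would lose its stack trace.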