代理filebeat配置文件:
logstash配置文件:
input {
kafka {
codec => json
bootstrap_servers => "FH-UMP-ELK-VIP:9092"
topics => ["FH-UMP-PORTAL1-NCOLOG"]
}
}
filter{
mutate{
add_field =>{
"hostname" => "%{[beat][name]}"
}
remove_field => ["beat","offset","version","IP"]
rename =>{"source" => "logpath"}
}
grok {
match => { "message" => "%{DATA:time}%{IPV4:client_id_address}s+%{WORD:name}:s+(?<info>.*)"}
}
}
output {
if "FH-UMP-PORTAL1" not in [message] or "FH-UMP-PORTAL2" not in [message] or "FH-UMP-ZABBIX1" not in [message] or "FH-UMP-ZABBIX2" not in [me
ssage] {
elasticsearch {
hosts => ["FH-UMP-ELK-VIP:9200"]
index => "网络设备日志-wlsbrz-%{+YYYY.MM.dd}"
codec => json
}
}
}