  • ELK configuration for collecting network logs

    Agent filebeat configuration file:

    logstash configuration file:

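    # Read the JSON events that filebeat published to Kafka.
    input {
      kafka {
        codec => json
        bootstrap_servers => "FH-UMP-ELK-VIP:9092"
        topics => ["FH-UMP-PORTAL1-NCOLOG"]
      }
    }

    filter {
      mutate {
        # Keep the shipping host's name before the beat metadata is dropped.
        add_field => {
          "hostname" => "%{[beat][name]}"
        }
        remove_field => ["beat", "offset", "version", "IP"]
        rename => { "source" => "logpath" }
      }
      grok {
        # Split each line into timestamp, device IP, program name and message text.
        # The whitespace tokens must be written as \s+ (a bare "s+" matches the letter s).
        match => { "message" => "%{DATA:time}%{IPV4:client_id_address}\s+%{WORD:name}:\s+(?<info>.*)" }
      }
    }

    output {
      # Index only events whose message mentions none of the server hosts.
      # The tests are joined with "and": joined with "or", the condition is true
      # for every event that does not contain all four names at once.
      if "FH-UMP-PORTAL1" not in [message] and "FH-UMP-PORTAL2" not in [message] and "FH-UMP-ZABBIX1" not in [message] and "FH-UMP-ZABBIX2" not in [message] {
        elasticsearch {
          hosts => ["FH-UMP-ELK-VIP:9200"]
          index => "网络设备日志-wlsbrz-%{+YYYY.MM.dd}"
          codec => json
        }
      }
    }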

  • Original article: https://www.cnblogs.com/A121/p/12217925.html