|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
logstash中的时间与服务器时间差8小时,导致@timestamp字段中的时间不对,影响后续流程处理,因此修改logstash配置文件,主要修改 filter 中的字段:apiVersion: v1data: input_main: |- input { udp { port => 1514 type => syslog } # tcp { # port => 1514 # type => syslog # } redis { host => "192.21.19.33" password => VYaa0Ch key => "logstash" data_type => "list" codec => "json" } } output_main: |- filter { mutate { rename => { "@tags" => "channel" } } ruby { code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)" } ruby { code => "event.set('@timestamp',event.get('timestamp'))" } mutate { remove_field => ["timestamp"] } } output { stdout { codec => rubydebug } elasticsearch { hosts => ["192.168.11.38:9200"] manage_template => false index => "k8s-logstash-%{channel}-%{+YYYY.MM.dd}" } }kind: ConfigMapmetadata: annotations: labels: app: logstash chart: logstash-0.6.3 heritage: Tiller release: logstash name: logstash-pipeline namespace: elk |