  • ELK之JSON配置nginx文件等多个配置文件

    [root@web02 ~]# cat  /etc/logstash/conf.d/nginx.conf 
    # Pipeline: tail the nginx access log (one JSON document per line) and
    # index every entry into Elasticsearch, echoing it to the console as well.
    input {
      file {
        # The json codec decodes each line into event fields; a line that is
        # not valid JSON is kept as raw text and tagged _jsonparsefailure.
        # NOTE(review): the nginx log_format that writes this file is not shown
        # here. Request-derived fields (URI, user agent, referer) are
        # client-controlled, so the log_format should use escape=json to keep
        # every line well-formed -- confirm against the nginx config.
        type  => "nginx-access-log"
        codec => "json"
        path  => "/var/log/nginx/access_log_jason.log"
      }
    }
    # No parsing or enrichment stage is configured.
    filter {}
    output {
      # One index per day, named after the event date.
      # NOTE(review): hosts carries no scheme and this block sets no
      # user/password or TLS options, so as written the events are sent
      # without credentials or transport encryption -- confirm that port 9200
      # on this host is reachable only from a trusted network.
      elasticsearch {
        index => "nginx-access-log-%{+YYYY.MM.dd}"
        hosts => ["10.0.0.18:9200"]
      }
      # Debug aid: pretty-print every event to stdout.
      stdout { codec => rubydebug }
    }
    

    #正则匹配[  ] 两个括号之间的内容

    [root@web04 conf.d]# cat codec.conf 
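    # Pipeline: read lines from stdin, merge continuation lines into a single
    # event, and pretty-print the result. Useful for trying out the multiline
    # codec interactively.
    input {
      stdin {
        codec => multiline {
          # A line beginning with "[" starts a new event. The bracket must be
          # escaped: an unescaped "^[" opens a character class that is never
          # closed, which is not a valid regular expression.
          pattern => "^\["
          # negate + "previous": every line that does NOT match the pattern is
          # appended to the event before it.
          negate => true
          what => "previous"
        }
      }
    }
    # No parsing or enrichment stage is configured.
    filter {
    }
    output {
      # Pretty-print every event to stdout.
      stdout {
        codec => rubydebug
      }
    }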
    
    [root@web04 conf.d]# cat demo.conf 
    # Pipeline: take whatever is typed on stdin and index it into a daily
    # logstash-* index, echoing each event to the console.
    input {
      stdin {}
    }
    # No parsing or enrichment stage is configured.
    filter {}
    output {
      # NOTE(review): hosts carries no scheme and this block sets no
      # user/password or TLS options, so as written the events are sent
      # without credentials or transport encryption -- confirm that port 9200
      # on this host is reachable only from a trusted network.
      elasticsearch {
        index => "logstash-%{+YYYY.MM.dd}"
        hosts => ["10.0.0.18:9200"]
      }
      # Debug aid: pretty-print every event to stdout.
      stdout { codec => rubydebug }
    }
    =====================================
    多行正则匹配
    
    [root@web04 conf.d]# cat file.conf 
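    # Pipeline: collect system logs and Elasticsearch's own logs from disk and
    # route each kind to its own monthly index.
    input {
      # System logs. /var/log/secure holds authentication records, so the
      # Logstash process needs read access to it and the resulting index
      # deserves the same access control as the file itself.
      file {
        path => ["/var/log/messages","/var/log/secure"]
        type => "system-log"
        # "beginning" only applies to files Logstash has no recorded read
        # position for; files already tracked resume where they left off.
        start_position => "beginning"
      }
      # Elasticsearch logs, where one entry can span several lines.
      file {
        path => ["/var/log/elasticsearch/my-es.log","/var/log/elasticsearch/my-es.log.2018-01-15"]
        type => "es-log"
        start_position => "beginning"
        codec => multiline {
          # A line beginning with "[" starts a new event. The bracket must be
          # escaped: an unescaped "^[" opens a character class that is never
          # closed, which is not a valid regular expression.
          pattern => "^\["
          # negate + "previous": every line that does NOT match the pattern is
          # appended to the event before it.
          negate => true
          what => "previous"
        }
      }
    }
    # No parsing or enrichment stage is configured.
    filter {
    }
    output {
      # Route by the type set on each input. An event whose type matches
      # neither branch is not sent anywhere.
      # NOTE(review): hosts carries no scheme and neither elasticsearch block
      # sets user/password or TLS options, so as written the events (including
      # the auth log) are sent without credentials or transport encryption --
      # confirm that port 9200 on this host is reachable only from a trusted
      # network.
      if [type] == "system-log" {
        elasticsearch {
          hosts => ["10.0.0.18:9200"]
          index => "system-log-%{+YYYY.MM}"
        }
      }
      if [type] == "es-log" {
        elasticsearch {
          hosts => ["10.0.0.18:9200"]
          index => "es-log-%{+YYYY.MM}"
        }
      }
    }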
    ================================
    syslog 插件
    [root@web04 conf.d]# cat sys.log 
    # Pipeline: accept syslog messages from the network and index them into a
    # monthly system-syslog-* index.
    input {
      # The syslog input listens on both TCP and UDP. No host is set, so it
      # binds the plugin default (0.0.0.0, i.e. every interface).
      # NOTE(review): 514 is a privileged port, so the Logstash process must
      # run as root or hold CAP_NET_BIND_SERVICE to bind it. Syslog carries no
      # sender authentication; restrict which hosts can reach this port with
      # a firewall rule.
      syslog {
        port => 514
        type => "system-syslog"
      }
    }
    output {
      # NOTE(review): hosts carries no scheme and this block sets no
      # user/password or TLS options, so as written the events are sent
      # without credentials or transport encryption -- confirm that port 9200
      # on this host is reachable only from a trusted network.
      elasticsearch {
        index => "system-syslog-%{+YYYY.MM}"
        hosts => ["10.0.0.18:9200"]
      }
    }
    ===============
    
    #TCP 通过端口传送到一个文件
    [root@web04 conf.d]# cat tcp.conf 
    # Pipeline: open a TCP listener and pretty-print whatever is received.
    input {
      # mode "server" makes Logstash listen for connections instead of
      # connecting out. No host is set, so the listener binds the plugin
      # default (0.0.0.0, i.e. every interface).
      # NOTE(review): no TLS or client verification is configured, so any host
      # that can reach port 6666 can inject events. Bind to a specific address
      # or firewall the port before using this outside a lab.
      tcp {
        mode => "server"
        port => "6666"
        type => "tcp"
      }
    }
    # No parsing or enrichment stage is configured.
    filter {}
    output {
      # Events are only printed to stdout; nothing is indexed or written to
      # disk by this pipeline.
      stdout { codec => rubydebug }
    }
    
  • 原文地址:https://www.cnblogs.com/gaoyuechen/p/8309604.html