zoukankan      html  css  js  c++  java
  • zabbix 插件使用问题

    [elk@dr-mysql01 frontend]$ ../../bin/logstash -f std02.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    31`31`
    ArgumentError: comparison of String with 5 failed
                 >= at org/jruby/RubyComparable.java:155
                 >= at org/jruby/RubyString.java:1853
        output_func at (eval):138
       output_batch at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:293
               each at org/jruby/RubyArray.java:1613
             inject at org/jruby/RubyEnumerable.java:852
       output_batch at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:287
        worker_loop at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:232
      start_workers at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:201
    [elk@dr-mysql01 frontend]$ ../../bin/logstash -f std02.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    ddsad
    ArgumentError: comparison of String with 5 failed
                 >= at org/jruby/RubyComparable.java:155
                 >= at org/jruby/RubyString.java:1853
        output_func at (eval):138
       output_batch at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:293
               each at org/jruby/RubyArray.java:1613
             inject at org/jruby/RubyEnumerable.java:852
       output_batch at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:287
        worker_loop at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:232
      start_workers at /usr/local/logstash-2.3.4/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:201
    [elk@dr-mysql01 frontend]$ ^C
    [elk@dr-mysql01 frontend]$ vim std02.conf 
    [elk@dr-mysql01 frontend]$ vim std02.conf 
    [elk@dr-mysql01 frontend]$ cat std02.conf 
    input {
        stdin {
          type => "zj_scan"
        }
     
    }
    filter {
        grok {
                match =>[ 
                 "message","%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request}?.* HTTP/%{NUMBER:httpversion}" - %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>(S+s+)*S+)" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)", 
                 "message" , "%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" - %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>(S+s+)*S+)" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
                 "message","%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} (?<http_url>S+)s+HTTP/%{NUMBER:httpversion}"s+-s+%{NUMBER:http_status_code}s+%{NUMBER:bytes}s+"-"s+"(?<http_user_agent>(S+))"s+(%{BASE16FLOAT:request_time})s+(%{IPORHOST:http_x_forwarded_for}|-)"
                 
            ]
        }  
           geoip {
                            source => "http_x_forwarded_for"
                            target => "geoip"
                            database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
                            add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
                            add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
                    }
                    mutate {
                            convert => [ "[geoip][coordinates]", "float"]
                            convert => [ "request_time", "float"]
                           add_field =>["response_time","%{request_time}"]
                            convert => [ "response_time", "float"]
                            add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ]
                           add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ]
                           add_field =>["messager","%{type}%{message}"]
                            remove_field =>["request_time"]
                            remove_field =>["message"]
    
                    }
                  date {
            match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
        }
    }
    output {
            	stdout {
    			codec => rubydebug
    		}
    #        if [response_time] >= 5  {
    #          zabbix {
    #                zabbix_host => "[@metadata][zabbix_host]"
    #                zabbix_key => "[@metadata][zabbix_key]"
    #        zabbix_server_host => "192.168.32.55"
    #        zabbix_server_port => "10051"
    #                zabbix_value => "messager"
    #        }
    # }
    }
    [elk@dr-mysql01 frontend]$ ../../bin/logstash -f std02.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    121
    {
             "@version" => "1",
           "@timestamp" => "2016-09-27T05:40:46.547Z",
                 "type" => "zj_scan",
                 "host" => "dr-mysql01.zjcap.com",
                 "tags" => [
            [0] "_grokparsefailure"
        ],
        "response_time" => "%{request_time}",
             "messager" => "zj_scan121"
    }
    
    加载zabbix 插件后,只要匹配不上 logstash就会挂掉,不会打印匹配不上的记录

  • 相关阅读:
    Python 2 与 python 3的区别
    语法基础题
    Python运算符_ 2018-07-26
    Python 各种语句:2018-07-27
    解决在Python中使用Win32api报错的问题,No module named win32api
    在CenOS7.5里安装Redis
    下载Redis
    重置CentOS6.5的登录口令
    如何在CentOS里切换操作系统所用的语言,中英文切换
    在Ubuntu里安装Mysql5.7.23
  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13350210.html
Copyright © 2011-2022 走看看