  • 1. ELK getting-started example

    zjtest7-frontend:/usr/local/logstash-2.3.4/bin# ./logstash -e 'input{stdin{}} output{stdout{codec=>rubydebug}}'
    Settings: Default pipeline workers: 1
    Pipeline main started
    Hello World
    {
           "message" => "Hello World",
          "@version" => "1",
        "@timestamp" => "2016-08-25T02:19:18.694Z",
              "host" => "0.0.0.0"
    }
    
    Logstash adds some extra information to each event. The most important is @timestamp, which marks when the event occurred.
    
    {
           "message" => " www.zjcap.cn 10.168.29.17 10.171.246.184 [25/Aug/2016:10:30:12 +0800] "GET /resources/images/index/milestone/milestone_18.jpg HTTP/1.1" - 200 30049 "https://www.zjcap.cn/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 0.001 -",
          "@version" => "1",
        "@timestamp" => "2016-08-25T02:30:13.679Z",
              "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-08-25",
              "host" => "dr-mysql01.zjcap.com",
              "type" => "zj_frontend_access",
              "tags" => [
            [0] "_grokparsefailure"
        ]
    }
    
    
    host marks where the event occurred
    
    type marks the event's unique type
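
Added example (not from the original post): in the second event above, grok failed, so no fields were extracted and @timestamp is the time Logstash read the line rather than the time written in the log. The Python sketch below parses that message and measures the gap; field names such as `addr1` and `field_a` are assumptions, since the page does not document the log format.

```python
import re
from datetime import datetime, timezone

# Field names are assumptions: the page does not document the log format.
LINE_RE = re.compile(
    r'^\s*(?P<vhost>\S+) (?P<addr1>\S+) (?P<addr2>\S+) '
    r'\[(?P<time_local>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<field_a>\S+) (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<field_b>\S+) (?P<field_c>\S+)\s*$'
)

def parse_access_line(message):
    """Return a dict of fields, or None when the line does not match
    (the case Logstash tags as _grokparsefailure)."""
    m = LINE_RE.match(message)
    if m is None:
        return None
    fields = m.groupdict()
    # Convert the log's own time to UTC, the form Logstash uses for @timestamp.
    local = datetime.strptime(fields["time_local"], "%d/%b/%Y:%H:%M:%S %z")
    fields["event_time_utc"] = local.astimezone(timezone.utc)
    fields["status"] = int(fields["status"])
    return fields

def ingest_lag_seconds(fields, at_timestamp):
    """Seconds between the time in the log line and the event's @timestamp."""
    seen = datetime.strptime(at_timestamp, "%Y-%m-%dT%H:%M:%S.%f%z")
    return (seen - fields["event_time_utc"]).total_seconds()

# The message and @timestamp of the second event shown above.
SAMPLE = (' www.zjcap.cn 10.168.29.17 10.171.246.184 [25/Aug/2016:10:30:12 +0800] '
          '"GET /resources/images/index/milestone/milestone_18.jpg HTTP/1.1" - 200 30049 '
          '"https://www.zjcap.cn/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 '
          '(KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 0.001 -')

if __name__ == "__main__":
    f = parse_access_line(SAMPLE)
    print(f["event_time_utc"].isoformat(), f["status"], f["uri"])
    print("ingest lag (s):", ingest_lag_seconds(f, "2016-08-25T02:30:13.679Z"))
```

When building a timeline from events tagged `_grokparsefailure`, take the time from the `message` text, because `@timestamp` only records when the line was ingested.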
    
    

  • Original article: https://www.cnblogs.com/hzcya1995/p/13350363.html