一. filebeat.yml的配置
filebeat.prospectors:
- input_type: log
paths:
- /tmp/logs/optimus-activity-api.log
document_type: "czh-uat-activity"
multiline:
pattern: '^s*("{)'
negate: true
match: after
max_lines: 1000
timeout: 30s
fields:
logsource: uat
logtype: czh-uat-activity
- input_type: log
paths:
- /tmp/logs/optimus-coupon-api.log
document_type: "czh-uat-coupon"
fields:
logsource: uat139.224.146.96
logtype: czh-uat-coupon
- input_type: log
paths:
- /tmp/logs/optimus-bean-api.log
document_type: "czh-uat-bean"
fields:
logsource: uat
logtype: czh-uat-bean
- input_type: log
paths:
- /tmp/logs/optimus-external-api.log
document_type: "czh-uat-external-web"
fields:
logsource: uat
logtype: czh-uat-external-web
- input_type: log
paths:
- /tmp/logs/api-gateway-production.log
document_type: "czh-uat-gateway"
fields:
logsource: uat
logtype: czh-uat-gateway
- input_type: log
paths:
- /tmp/logs/optimus-manage-api.log
document_type: "czh-uat-manage"
fields:
logsource: uat
logtype: czh-uat-manage
- input_type: log
paths:
- /tmp/logs/optimus-order-api.log
document_type: "czh-uat-api-order"
fields:
logsource: uat
logtype: czh-uat-api-order
- input_type: log
paths:
- /tmp/logs/optimus-parent-plus-api.log
document_type: "czh-uat-parent-plus"
fields:
logsource: uat
logtype: czh-uat-parent-plus
- input_type: log
paths:
- /tmp/logs/optimus-user-api.log
document_type: "czh-uat-user-production"
fields:
logsource: uat
logtype: czh-uat-user-production
将采集的日志导入logstash里
output.logstash:
hosts: ["192.168.102.38:5044"]
二. logstash的配置:
1.------input配置--------
input {
beats {
port => 5044
}
}
if [fields][logtype] == "czh-uat-activity" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-coupon" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-bean" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-external-web" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-gateway" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-manage" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-api-order" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-parent-plus" {
json {
source => "message"
target => "data"
}
}
if [fields][logtype] == "czh-uat-user-production" {
json {
source => "message"
target => "data"
}
}
-------output-配置------
if [fields][logtype] == "czh-uat-activity"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"] #将处理后的日志存储到 elasticsearch,多个IP是因为做了集群
index => "czh-uat-activity" #创建索引
}
}
if [fields][logtype] == "czh-uat-coupon"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-coupon"
}
}
if [fields][logtype] == "czh-uat-bean"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-bean"
}
}
if [fields][logtype] == "czh-uat-external-web"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-external-web"
}
}
if [fields][logtype] == "czh-uat-gateway"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-gateway"
}
}
if [fields][logtype] == "czh-uat-manage"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-manage"
}
}
if [fields][logtype] == "czh-uat-api-order"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-api-order"
}
}
if [fields][logtype] == "czh-uat-parent-plus"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-parent-plus"
}
}
if [fields][logtype] == "czh-uat-user-production"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-user-production"
}
}