配置文件结构说明
https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
Event相关配置
https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
event中字段提取: field reference
如:[ua][os]
应用字段内容: sprintf format
如:increment => "apache.%{[response][status]}" } }
条件语句:Conditionals
如:if [action] == "login"
特殊字段说明:
@metadata、@timestamp
{ "agent": "Mozilla/5.0 (compatible; MSIE 9.0)", "ip": "192.168.24.44", "request": "/index.html" "response": { "status": 200, "bytes": 52353 }, "ua": { "os": "Windows 7" } }
环境变量的应用
https://www.elastic.co/guide/en/logstash/current/environment-variables.html
配置文件自动reload
https://www.elastic.co/guide/en/logstash/current/reloading-config.html
logstash的部署模式
https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html#deploying-and-scaling