  • logstash过滤配置

    input {
      # Events are read from a Redis list (presumably filled by the log shippers).
      # The endpoint is loopback-only and no credentials are configured. If Redis is
      # ever moved off this host, set the plugin's `password` and `ssl` options:
      # anything that can push to this key can inject events into the pipeline.
      redis {
        data_type => "list"
        key       => "phgj-list"
        host      => "127.0.0.1"
        port      => 6380
      }
    }
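    filter {
      # All six ph130 sources use the same grok/date pair, so one allowlisted
      # branch replaces six identical copies (which could drift apart over time).
      # [fields][tag] is supplied by the sender; events with any other tag pass
      # through unparsed.
      if [fields][tag] in ["ph130-ingcn01", "ph130-phing", "ph130-route", "ph130-savetask", "ph130-deletetask", "ph130-endtime"] {
        grok {
          # Line layout implied by the pattern:
          #   [<date> <time>] <queue> - <level> - <method> ...
          # NOTE(review): the regex escapes (\[ \] \s) were missing from the listing,
          # so the pattern could not match the bracketed timestamp as intended.
          # They are restored here; verify against a real sample line.
          match => { "message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*<%{NOTSPACE:api_queue}>\s*-\s*%{NOTSPACE:api_level}\s*-\s*%{NOTSPACE:api_method}.*" }
        }
        date {
          # Replace the ingest time with the time the application logged the line.
          # If grok did not match, api_time is absent, the event carries the
          # default _grokparsefailure tag and @timestamp stays at ingest time.
          # Monitor that tag so unparsed lines do not skew timelines unnoticed.
          # No `timezone` is set, so api_time is read in the Logstash host's zone.
          match  => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
          target => "@timestamp"
        }
      }
    }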
    output {
      # One index per source tag. The tag is sender-supplied, so the index name is
      # chosen from this fixed list and never interpolated from the event.
      # Events whose tag matches no branch are not written anywhere.
      # No user/password or TLS is configured for Elasticsearch; that is only
      # acceptable while it listens on loopback.
      if [fields][tag] == "ph130-ingcn01" {
        elasticsearch {
          index => "iisph130-ingcn01-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-phing" {
        elasticsearch {
          index => "iisph130-phing-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-route" {
        elasticsearch {
          index => "iisph130-route-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-savetask" {
        elasticsearch {
          index => "iisph130-savetask-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-deletetask" {
        elasticsearch {
          index => "iisph130-deletetask-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-endtime" {
        elasticsearch {
          index => "iisph130-endtime-log"
          hosts => ["127.0.0.1:9200"]
        }
      }
    }

  • 原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html