  • logstash过滤配置

    # Input stage: pops events from a Redis list that the log shippers push to.
    input {
      redis {
        # Redis is addressed on loopback, on port 6380.
        host      => "127.0.0.1"
        port      => 6380
        # "list" makes Logstash consume the key as a queue.
        data_type => "list"
        key       => "phgj-list"
        # NOTE(review): no `password` is configured, so anything that can reach
        # this Redis port can push events into the pipeline or read the queue.
        # Confirm Redis is bound to loopback only, or enable authentication.
      }
    }
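    # Filter stage: parses the application log line and uses the timestamp
    # written by the application as the event's @timestamp.
    #
    # All six sources share one line format, so they are handled by a single
    # conditional instead of six copies of the same grok/date pair.
    filter {
      if [fields][tag] in ["ph130-ingcn01", "ph130-phing", "ph130-route", "ph130-savetask", "ph130-deletetask", "ph130-endtime"] {
        grok {
          # Expected shape: [<date> <time>] <queue> - level - method ...
          # The backslashes matter: without them "[...]" is read as a character
          # class and "s*" as a literal letter, so api_time is never captured
          # and the date filter below has nothing to parse.
          match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*<%{NOTSPACE:api_queue}>\s*-\s*%{NOTSPACE:api_level}\s*-\s*%{NOTSPACE:api_method}.*"}
          # Lines that do not match are tagged _grokparsefailure by grok and keep
          # their ingest time; a rising count of that tag means parsing is broken.
        }
        date {
          # Replace the ingest time with the time logged by the application.
          # No timezone is set, so the Logstash host's zone is assumed.
          match  => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
          target => "@timestamp"
        }
      }
    }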
    # Output stage: routes each event to a per-source Elasticsearch index chosen
    # by the shipper-supplied tag. The tags are mutually exclusive, so the
    # branches are written as one if / else-if chain.
    #
    # An event whose tag matches none of the branches is not written anywhere.
    #
    # NOTE(review): every branch talks to Elasticsearch on loopback without
    # credentials. If the cluster is ever moved off this host, add `user` /
    # `password` and TLS to each elasticsearch block.
    output {
      if [fields][tag] == "ph130-ingcn01" {
        elasticsearch {
          index => "iisph130-ingcn01-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-phing" {
        elasticsearch {
          index => "iisph130-phing-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-route" {
        elasticsearch {
          index => "iisph130-route-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-savetask" {
        elasticsearch {
          index => "iisph130-savetask-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-deletetask" {
        elasticsearch {
          index => "iisph130-deletetask-log"
          hosts => ["127.0.0.1:9200"]
        }
      } else if [fields][tag] == "ph130-endtime" {
        elasticsearch {
          index => "iisph130-endtime-log"
          hosts => ["127.0.0.1:9200"]
        }
      }
    }

  • 原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html