zoukankan      html  css  js  c++  java

  • logstash过滤配置

    input {
    redis {
    host => "127.0.0.1"
    port => 6380
    data_type => "list"
    key => "phgj-list"
    }
    }
    filter {
    if [fields][tag] == "ph130-ingcn01" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-phing" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-route" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    }
    output {
    if [fields][tag] == "ph130-ingcn01" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-ingcn01-log"
    }
    }
    if [fields][tag] == "ph130-phing" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-phing-log"
    }
    }
    if [fields][tag] == "ph130-route" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-route-log"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-savetask-log"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-deletetask-log"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-endtime-log"
    }
    }
    }
  • 相关阅读:
    适配不同屏幕的宏
    phpstrom 10 激活
    php三维数组去重
    Ajax总结
    Node.js中处理异步编程(使用回调处理一次性事件,使用事件监听器处理重复性事件)
    JavaScript中函数对象的call()和apply()方法的总结
    jQuery中prop()方法和attr()方法可能遇到的问题小结
    Node.js中url的parse、format、resolve方法详解
    处理跨域方式
    JS获取网页窗口大小、浏览器窗口大小、页面元素位置
  • 原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html
Copyright © 2011-2022 走看看