zoukankan      html  css  js  c++  java

  • logstash过滤配置

    input {
    redis {
    host => "127.0.0.1"
    port => 6380
    data_type => "list"
    key => "phgj-list"
    }
    }
    filter {
    if [fields][tag] == "ph130-ingcn01" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-phing" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-route" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    }
    output {
    if [fields][tag] == "ph130-ingcn01" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-ingcn01-log"
    }
    }
    if [fields][tag] == "ph130-phing" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-phing-log"
    }
    }
    if [fields][tag] == "ph130-route" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-route-log"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-savetask-log"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-deletetask-log"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-endtime-log"
    }
    }
    }
  • 相关阅读:
    kuberbetes1.17.3二进制安装
    jvm启动cpu和负载高分析
    kubeadm安装的k8s集群证书过期处理
    Mongodb 相关链接
    perl 之 正则表达式 (简)
    ssh-copy-id 拷贝用户秘钥
    unicode & utf-8
    Python之路,Day3
    Python Day2 (二)
    find xargs 简单组合使用
  • 原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html
Copyright © 2011-2022 走看看