  • Sending Windows Log4 logs to ElasticSearch

    Processing multi-line data into elasticsearch

       

    Nxlog configuration

       

    <Input in>
        Module  im_file
        File    "E:\log\webapi\err.log"
        SavePos TRUE
    </Input>

    <Output out>
        Module  om_tcp
        Host    127.0.0.1
        Port    5544
    </Output>

    <Route 1>
        Path    in => out
    </Route>

       

       

    Logstash configuration

       

    input {
      tcp {
        port => 5544
        codec => multiline {
          charset => "locale"
          # A line that does not start with a log4 timestamp is appended to the previous event
          pattern => "^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\,\d{3}"
          negate => true
          what => "previous"
        }
        type => "log4-input"
      }
    }

    filter {
      if [type] == "log4-input" {
        grok {
          match => {
            "message" => "(?m)%{TIMESTAMP_ISO8601:logtime} \[%{NUMBER:priority:int}\] %{DATA:level} \[\(null\)\]"
          }
        }
        # Keep the time Logstash read the event before the date filter overwrites @timestamp
        ruby {
          code => "event['readtime'] = event['@timestamp']"
        }
        date {
          #locale => "en"
          # logtime as captured by TIMESTAMP_ISO8601 includes the milliseconds (",315")
          match => ["logtime", "YYYY-MM-dd HH:mm:ss,SSS"]
          #timezone => "UTC"
          #target => "logtimestamp"
          remove_field => [ "logtime"]
        }
      }
    }

    output {
      if [type] == "log4-input" {
        elasticsearch {
          hosts => ["localhost:9200"]
        }
      }
    }

       

       

    Log format

    2016-03-02 00:01:12,315 [34] ERROR [(null)] - Messagefdsa
    Fdsadfsa
    2016-03-02 00:01:12,315 [34] ERROR [(null)] - Message1
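
To check the multiline pattern and the field extraction against the log format above before deploying the pipeline, the following added example (not part of the original post) reproduces the `negate => true` / `what => "previous"` grouping in Python. The regex `EVENT` is a hand-written approximation of the grok expression, and the names `group_events` and `parse_event` are hypothetical.

```python
import re
from datetime import datetime

# Same event-start anchor as the multiline codec pattern in the Logstash config.
START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")

# Plain regex standing in for the grok expression (assumption: an approximation,
# not grok itself); it also captures the text after " - ", which the grok does not.
EVENT = re.compile(
    r"^(?P<logtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<priority>\d+)\] (?P<level>\S+) \[\(null\)\] - (?P<text>.*)$",
    re.DOTALL,
)

# Constructed sample input, taken from the log format shown on the page.
SAMPLE = [
    "2016-03-02 00:01:12,315 [34] ERROR [(null)] - Messagefdsa",
    "Fdsadfsa",
    "2016-03-02 00:01:12,315 [34] ERROR [(null)] - Message1",
]


def group_events(lines):
    """negate => true, what => "previous": a line that does NOT match
    START is appended to the event that precedes it."""
    events = []
    for line in lines:
        line = line.rstrip("\r\n")
        if START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events


def parse_event(event):
    """Return the extracted fields, or None where grok would fail to match."""
    m = EVENT.match(event)
    if m is None:
        return None
    fields = m.groupdict()
    fields["priority"] = int(fields["priority"])
    # Equivalent of the date filter: the milliseconds are part of logtime.
    fields["timestamp"] = datetime.strptime(fields.pop("logtime"), "%Y-%m-%d %H:%M:%S,%f")
    return fields


if __name__ == "__main__":
    for ev in group_events(SAMPLE):
        print(parse_event(ev))
```

Unlike this offline check, the multiline codec buffers the last event until the next line that matches the pattern arrives.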

  • Original article: https://www.cnblogs.com/liuyuhua/p/5318358.html