将 JSON 格式的日志文件写入 Elasticsearch,配置文件 analysis.conf 如下:
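# Logstash pipeline: tail the nginx JSON log files, parse each line as JSON,
# fix up field types, and index the events into Elasticsearch.
input {
  file {
    path => "/data/openresty/nginx/interfacelogs/*.log"
    start_position => beginning
    stat_interval => 1          # how often to check watched files for changes (default 1s)
    #tags => "test"             # optional: add tags to every event
    # how often to scan the directory for newly created files
    discover_interval => 15     # seconds
  }
}

filter {
  json {
    source => "message"
    # remove_field on the json filter is applied only when parsing succeeds.
    # A line that is not valid JSON therefore keeps its raw "message" (and is
    # tagged _jsonparsefailure) instead of being indexed with the original
    # text thrown away, so malformed requests stay available for investigation.
    remove_field => ["message"]
  }
  mutate {
    #add_field => {"test"=>"test"}
    # set explicit field types
    convert => [
      "request_time", "float",
      "upstream_response_time", "float",
      "status", "integer"
    ]
  }
}

output {
  elasticsearch {
    action => "index"
    # NOTE(review): the hosts carry no scheme and no ssl/user/password options
    # are set, so events travel over plain HTTP without authentication.
    # If the cluster has TLS and security enabled, configure them here, e.g.:
    #   ssl      => true
    #   cacert   => "<PATH_TO_CA_PEM_PLACEHOLDER>"
    #   user     => "<ES_USER_PLACEHOLDER>"
    #   password => "${ES_PASSWORD_PLACEHOLDER}"   # from the environment, not hard-coded
    hosts => ["10.18.144.10:9200","10.18.10.209:9200"]
    index => "ls_%{+YYYYMM}_nginx_log"
    document_type => "ls_%{+YYYYMM}_nginx_log"
  }
  # Every event is also printed to stdout as JSON. This helps while debugging,
  # but it copies the full log content into wherever Logstash's stdout is
  # captured. NOTE(review): consider removing it once the pipeline is verified.
  stdout {
    codec => json
  }
}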
运行 /data/logstash-6.2.2/bin/logstash -f /data/logstash-6.2.2/config/analysis.conf