[root@10-19-148-59 etc]# vim front_esb.conf input { beats { type => beats port => 5077 } } filter { if [type] == 'test-front' { grok { overwrite => ['message'] } } if [type] == 'test-esb' { grok { overwrite => ['message'] } } } output { if [type] == 'test-front' { elasticsearch { hosts => ["10.19.148.59:9200"] index => "test-front-%{+YYYY.MM.dd}" } } if [type] == 'test-esb' { elasticsearch { hosts => ["10.19.148.59:9200"] index => "test-esb-%{+YYYY.MM.dd}" } } }
我这里的日志采集用的是filebeat 来采集日志的