input { kafka{ bootstrap_servers => ["18.3.10.53:9092,18.3.10.54:9092,19.3.10.55:9092,19.3.10.56:9092,19.3.10.57:9092,19.3.10.91:9092,19.3.10.92:9092,19.3.10.93:9092"] auto_offset_reset => "latest" consumer_threads => 5 decorate_events => true topics => ["mips_monitor_log"] type => "mips_monitor_log" } kafka{ bootstrap_servers => ["19.3.10.53:9092,19.3.10.54:9092,19.3.10.55:9092,19.3.100.56:9092,19.3.10.57:9092,19.3.10.91:9092,19.3.10.92:9092,19.3.10.93:9092"] auto_offset_reset => "latest" consumer_threads => 5 decorate_events => true topics => ["mips_info_log"] type => "mips_info_log" } } filter { multiline { pattern => "^d{4}-d{1,2}-d{1,2}sd{1,2}:d{1,2}:d{1,2}" negate => true what => "previous" } mutate { #从kafka的key中获取数据并按照逗号切割 split => ["[@metadata][kafka][key]", ","] add_field => { #将切割后的第一位数据放入自定义的“index”字段中 "ip" => "%{[@metadata][kafka][key][0]}" } } } output { if [type]=="mi_info_log"{ elasticsearch { user =>admin password =>xxxxx ssl =>true ssl_certificate_verification => false truststore =>"/cslc/dip002/elk_data/logstash-6.5.1/config/truststore.jks" truststore_password =>"1deadxxxxxxxxxxxxxx2" hosts=> ["19.3.10.91:9200","19.3.10.92:9200","19.3.10.93:9200"] index =>"info_log-%{+YYYY.MM.dd}" } } if [type]=="monitor_log"{ elasticsearch { user =>admin password =>xxxxxx ssl =>true ssl_certificate_verification => false truststore =>"/cslc/dip002/elk_data/logstash-6.5.1/config/truststore.jks" truststore_password =>"1xxxxxxxxxxxxxxxxxxxxx" hosts=> ["19.3.10.91:9200","19.3.10.92:9200","19.3.10.93:9200"] index =>"monitor_log-%{+YYYY.MM.dd}" } } }