zoukankan      html  css  js  c++  java

  • ELKlogstash

    下载对应的logstash

    https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-linux-x86_64.tar.gz

    解压logstash

    tar -xf logstash-7.10.1-linux-x86_64.tar.gz

    移动到自己的目录就可以了

    测试

    ../bin/logstash -e 'input { stdin{} } output { elasticsearch {hosts => ["192.168.50.80:9200"]} }'

    测试文件结构input {        file {

    input {
                    path     => "/var/log/messages"
                type => "system"
                #按行读取日志
                start_position => "beginning"
        }

        file {
                path => "/usr/local/elasticsearch/logs/elasticsearch.log"
                type => "elasticsearch"
                start_position => "beginning"
              #按事物读取  
                codec => multiline {
                        pattern => "^\["
                        negate => true
                        what => "previous"
                }
        }
}

output {

        if [type] == "system" {
                elasticsearch {
                        hosts => ["192.168.50.80:9200"]
                        index => "system-%{+YYYY.MM.dd}"
                }

        }

        if [type] == "elasticsearch" {
                elasticsearch {
                        hosts => ["192.168.50.80:9200"]
                        index => "elasticsearch-%{+YYYY.MM.dd}"
                }
        }
}
  • 相关阅读:
    P3224 [HNOI2012]永无乡(平衡树合并)
    jquery的队列问题
    值得以后看的东西
    js的>>>
    js的set和get
    js数组的操作方法
    中文冒号检查了两个小时
    setintervalue传参数的三种方法
    js轮训
    npm全局安装
  • 原文地址:https://www.cnblogs.com/xiongyoutom/p/14483246.html
Copyright © 2011-2022 走看看