zoukankan      html  css  js  c++  java

  • elk日志过滤文档

    vi /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns/grok-patterns

    1. # DYZHENGZE 添加自定义正则
    2. DYTIME (?:(d{4}-d{2}-d{2} d{2}:d{2}:d{2}))
    3. DYLEVELS (?:[[A-Z]+])
    4. DYMESSAGE (?:[sS]*)

    vi /etc/logstash/conf.d/file.conf

    1. input {
    2. beats {
    3. host => "192.168.130.134"
    4. port => 5044
    5. }
    6. }
    7. filter {
    8. grok {
    9. match => {
    10. # "message" => "(?<datelogs>(?:.*)?) (?<levels>(?:[[A-Z]+])?) (?<message>(?:[sS]*)?)"
    11. "message" => "%{DYTIME:datelogs} %{DYLEVELS:levels} %{DYMESSAGE:message}"
    12. }
    13. overwrite => ["message"]
    14. remove_field => ["[beat][version]", "[beat][hostname]", "@version", "tags", "[beat][name]"]
    15. }
    16. }
    17. # filter {
    18. # mutate {
    19. # rename => {"message" => "new_message"}
    20. # }
    21. # }
    22. output {
    23. elasticsearch {
    24. hosts => ["192.168.130.134:9200"]
    25. index => "dylog-%{+YYYY.MM.dd}"
    26. }
    27. }
    28. # output {stdout{codec => rubydebug}}

    037105729970
    123456

    日期

    https://www.jianshu.com/p/cbb708b2e464?from=singlemessage

    https://www.cnblogs.com/cp-miao/p/7205914.html

    echo “2019-11-07 20:01:30 [DEBUG] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “2019-11-07 22:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09

    rpm -ivh http://192.168.130.150/ELK/filebeat-6.8.5-x86_64.rpm
    curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
    mkdir /logstest
    systemctl restart filebeat && systemctl enable filebeat
    echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    ps -ef | grep filebeat

    curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
    systemctl restart filebeat
  • 相关阅读:
    闭包
    内置函数
    595926265989859
    C错题集锦
    C中改变指针的指向
    /dev/zero
    define的高级用法
    (转)Linux ./configure --prefix命令
    (转)linux下tty,控制台,虚拟终端,串口,console(控制台终端)详解
    内核驱动模块的Makefile模板
  • 原文地址:https://www.cnblogs.com/zgqbky/p/15080379.html
Copyright © 2011-2022 走看看