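# Logstash pipeline: tail two sets of API access logs, parse each line with grok,
# raise a Zabbix item for slow requests, and push every parsed event onto a
# per-type Redis list.

input {
  # One file input per application; `type` is used further down to route events.
  file {
    type => "zj_api_access"
    path => ["/data01/applog_backup/zjzc_log/zj-api*access*"]
  }
  file {
    type => "wj_api_access"
    path => ["/data01/applog_backup/winfae_log/wj-api*access*"]
  }
}

filter {
  grok {
    # Regex escapes restored: without the backslashes `s+` matches a literal
    # letter "s", `[` opens a character class, and the bare inner double quotes
    # end the config string early, so the patterns never match an access-log line.
    # Patterns are tried in order; the first one that matches wins.
    match => {
      "message" => [
        # NOTE(review): the `?` after the api group makes the group optional. If the
        # intent was to cut `api` at the query string, it was probably a literal `\?`
        # - confirm against the original config before changing it.
        "\s*%{IPORHOST:clientip}\s+-\s+-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))?.*\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",
        "\s*%{IPORHOST:clientip}\s+-\s+-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",
        # Same as above, but the bytes column is a literal "-".
        "\s*%{IPORHOST:clientip}\s+-\s+-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+-\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}"
      ]
    }
  }

  # Convert first, then rename in a second mutate, so the result does not depend on
  # the order in which a single mutate applies its operations. Copying the value
  # with add_field => "%{request_time}" would produce a string, and the numeric
  # comparison in the output section would not behave as a float comparison.
  mutate {
    convert => { "request_time" => "float" }
  }
  mutate {
    rename => { "request_time" => "response_time" }
    # @metadata fields are not shipped with the event; they only feed the zabbix output.
    add_field => {
      "[@metadata][zabbix_key]"  => "logstash-api-access"
      "[@metadata][zabbix_host]" => "dr-mysql01"
    }
  }

  # Use the timestamp from the log line as the event's @timestamp.
  date {
    match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
  }
}

output {
  # Alert on requests that took 5 seconds or more. The existence check keeps lines
  # that failed grok (no response_time field) out of the numeric comparison.
  if [response_time] and [response_time] >= 5 {
    zabbix {
      zabbix_host        => "[@metadata][zabbix_host]"
      zabbix_key         => "[@metadata][zabbix_key]"
      zabbix_server_host => "192.168.32.55"
      zabbix_server_port => 10051
      # The raw log line is sent as the item value. It contains the client-supplied
      # request path, so treat it as untrusted wherever Zabbix renders or forwards it.
      zabbix_value       => "message"
    }
  }

  # Both log types go to the same Redis server; the list name is derived from
  # `type`, giving "zj_api_access:redis" and "wj_api_access:redis" as before.
  # Events of any other type are not sent to Redis.
  if [type] in ["zj_api_access", "wj_api_access"] {
    redis {
      host      => "192.168.32.67"
      port      => 6379
      data_type => "list"
      key       => "%{type}:redis"
      # The password is no longer a literal in this file. REDIS_PASSWORD is a name
      # chosen for this example; define it in the Logstash keystore (or the service
      # environment) and use a long random value rather than a short numeric one.
      # NOTE(review): nothing in this config enables TLS for the Redis connection,
      # so presumably the password and events cross the network in clear text -
      # confirm the path between the hosts is trusted or add TLS.
      password  => "${REDIS_PASSWORD}"
    }
  }
}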