  • logstash 处理nginx 访问日志

    [root@dr-mysql01 frontend]# cat logstash_frontend.conf 
    # Shipper side: tail the nginx access logs of two front-end applications.
    # `type` labels every event with the application it came from; the output
    # section of this file routes on that label.
    # NOTE(review): start_position is not set, so the file input's default
    # ("end") applies and only lines appended after start-up are read. Confirm
    # that is intended for files kept under a directory named applog_backup.
    input {
      file {
        path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"]
        type => "zj_frontend_access"
      }

      file {
        path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"]
        type => "wj_frontend_access"
      }
    }
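    # Parse each access-log line into named fields.
    # The backslashes are required: \[ and \] match the literal brackets around
    # the timestamp, \" matches the literal double quotes around the request,
    # referer, user-agent and X-Forwarded-For values, and \S+ means "one or
    # more non-whitespace characters". Without them the inner quotes terminate
    # the config string early and S+ only matches a run of the letter S.
    # NOTE(review): \S+ cannot match a value that contains a space, which most
    # browser User-Agent strings do; such lines would fail the match and be
    # tagged _grokparsefailure. Confirm against the real nginx log_format.
    # NOTE(review): X-Forwarded-For is a request header the client can set, so
    # http_x_forwarded_for should be treated as untrusted input in dashboards
    # and alerting unless a trusted proxy overwrites it upstream.
    filter {
      grok {
        match => {
          "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""
        }
      }
    }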
    
    
    
    # Push parsed events onto a Redis list, one list per application, selected
    # by the `type` label assigned in the input section.
    # NOTE(review): the Redis password is a short numeric literal stored in
    # this file in plain text, so anyone who can read the file can read from or
    # write to the queue. Prefer a long random secret referenced indirectly
    # (for example "${REDIS_PASSWORD}" resolved from the environment or the
    # Logstash keystore, where the installed version supports it) and restrict
    # the file's permissions.
    # NOTE(review): no TLS option is set here, so the password and the log
    # events presumably cross the network to 192.168.32.67 unencrypted.
    output {
      if [type] == "zj_frontend_access" {
        redis {
          host      => "192.168.32.67"
          port      => "6379"
          password  => "1234567"
          data_type => "list"
          key       => "zj_frontend_access:redis"
        }
      } else if [type] == "wj_frontend_access" {
        redis {
          host      => "192.168.32.67"
          port      => "6379"
          password  => "1234567"
          data_type => "list"
          key       => "wj_frontend_access:redis"
        }
      }
    }
      
      
      
      
      [root@dr-mysql01 frontend]# cat logstash_indexer.conf 
    # Indexer side: pop events from the two Redis lists that the shipper
    # config fills (the keys must match the shipper's output keys exactly).
    # NOTE(review): the same short plain-text Redis password is repeated here.
    # Keep it out of the config file (environment variable or Logstash
    # keystore reference) so that rotating it does not mean editing every
    # pipeline file, and so the file can be shared without leaking it.
    input {
      redis {
        host      => "192.168.32.67"
        port      => "6379"
        password  => "1234567"
        data_type => "list"
        key       => "zj_frontend_access:redis"
      }

      redis {
        host      => "192.168.32.67"
        port      => "6379"
        password  => "1234567"
        data_type => "list"
        key       => "wj_frontend_access:redis"
      }
    }
    # Index each application's events into its own Elasticsearch node and a
    # daily index, chosen by the `type` label carried inside the event.
    # NOTE(review): no user, password or TLS setting appears on either
    # elasticsearch output; confirm port 9200 on these hosts is reachable only
    # from the Logstash indexer and not from untrusted networks.
    # NOTE(review): stdout with the rubydebug codec prints every event in
    # full. It is useful while testing the pipeline, but in production it
    # copies client IPs and request URLs into the process output and adds
    # load, so it is normally removed once the pipeline works.
    output {
      if [type] == "zj_frontend_access" {
        elasticsearch {
          hosts => "192.168.32.80:9200"
          index => "logstash-zjzc-frontend-%{+YYYY.MM.dd}"
        }
        stdout {
          codec => rubydebug
        }
      } else if [type] == "wj_frontend_access" {
        elasticsearch {
          hosts => "192.168.32.81:9200"
          index => "logstash-wj-frontend-%{+YYYY.MM.dd}"
        }
        stdout {
          codec => rubydebug
        }
      }
    }

  • 原文地址:https://www.cnblogs.com/zhaoyangjian724/p/6199318.html