[root@dr-mysql01 frontend]# cat logstash_frontend.conf input { file { type => "zj_frontend_access" path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"] } file { type => "wj_frontend_access" path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"] } } filter { grok { match => { "message" => "%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>S+)" "(?<http_x_forwarded_for>S+)"" } } } output { if [type] == "zj_frontend_access" { redis { host => "192.168.32.67" data_type => "list" key => "zj_frontend_access:redis" port=>"6379" password => "1234567" } } else if [type] == "wj_frontend_access"{ redis { host => "192.168.32.67" data_type => "list" key => "wj_frontend_access:redis" port=>"6379" password => "1234567" } } } [root@dr-mysql01 frontend]# cat logstash_indexer.conf input { redis { host => "192.168.32.67" data_type => "list" key => "zj_frontend_access:redis" password => "1234567" port =>"6379" } redis { host => "192.168.32.67" data_type => "list" key => "wj_frontend_access:redis" password => "1234567" port =>"6379" } } output { if [type] == "zj_frontend_access"{ elasticsearch { hosts => "192.168.32.80:9200" index => "logstash-zjzc-frontend-%{+YYYY.MM.dd}" } stdout { codec => rubydebug } } else if [type] == "wj_frontend_access"{ elasticsearch { hosts => "192.168.32.81:9200" index => "logstash-wj-frontend-%{+YYYY.MM.dd}" } stdout { codec => rubydebug } } }