Logstash *.conf 配置文件所使用的参数源于Ruby,现归纳如下:
# input
# e.g.
input
{
file
{
path => ["/home/logone/testlog3/ora_*.log","/home/logone/testlog3/alert_orcl.log"]
start_position => beginning
type => "db_log"
add_field => { "platform" => "oracle" }
}
}
file
{
path => "F:\Temp\TmpLog\mig_20141031.log"
codec => multiline
{
# pattern => "^%{TIMESTAMP_ISO8601} ^%{DATE} ^%{DATESTAMP}"
patterns_dir => ["F:\Dev\Logagent_3.142\logagent-3.0.142\mypatterns"]
pattern => "%{TOMCATDATE}|%{TIME}"
negate => true
what => previous
}
...
# filter
#e.g.
filter
{
if [type] == "TmpLog" { # if [foo] in ["hello", "world", "foo"]
mutate {
replace => { "type" => "apache_access" } # mutation:变异,即更改字段&