1、官网地址
https://www.elastic.co/products/logstash
2、Logstash参考资料
- [Logstash最佳实践]: http://udn.yyuap.com/doc/logstash-best-practice-cn/index.html
- [Logstash官方文档]: https://www.elastic.co/guide/en/logstash/current/index.html
3、参考配置
input {
file {
path => "/var/log/messages" #系统日志
type => "system"
start_position => "beginning"
}
file {
path => "/var/log/elasticsearch/yun.log" #java异常日志
type => "es-error"
start_position => "beginning"
codec => multiline { #多行优化处理
pattern => "^\["
negate => true
what => "previous"
}
}
}
output {
if [type] == "system" {
elasticsearch {
hosts => ["192.168.26.144:9200"]
index => "system-%{+YYYY.MM.dd}"
}
}
if [type] == "es-error" {
elasticsearch {
hosts => ["192.168.26.144:9200"]
index => "es-error-%{+YYYY.MM.dd}"
}
}
}
扫一扫
2164
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
