=================正则匹配
[root@web02 conf.d]# cat apache-grok.conf
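# Pipeline: tail the Apache access log, parse each line with the built-in
# combined-log grok pattern, and index the result into Elasticsearch.
input {
  file {
    path => "/var/log/httpd/access_log"
    type => "apache_access.log"
    # "beginning" only applies to files Logstash has not tracked before;
    # once a sincedb entry exists, reading resumes from the saved offset.
    start_position => "beginning"
  }
}

filter {
  if [type] == "apache_access.log" {
    grok {
      # Built-in httpd combined-log pattern. Lines that do not match are
      # tagged _grokparsefailure and still reach the outputs below.
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    # Take @timestamp from the request time in the log line. Without this,
    # @timestamp is the moment Logstash read the line, so a backfill from
    # the start of the file puts old requests at "now" and into the wrong
    # monthly index, which distorts any timeline built from the data.
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
  }
}

output {
  if [type] == "apache_access.log" {
    elasticsearch {
      # No credentials or TLS options are set here, so client IPs, URLs and
      # user agents travel to 10.0.0.18:9200 unauthenticated and in clear
      # text. If the cluster has security enabled, set `user`/`password`
      # (from the Logstash keystore, not inline) and the plugin's TLS options.
      hosts => ["10.0.0.18:9200"]
      # One index per month, named from the event's @timestamp.
      index => "apache_access-%{+YYYY-MM}"
    }
  }
  # Debug aid: prints every event, not only the Apache ones. Drop it for
  # unattended runs so log data is not copied into Logstash's own output.
  stdout {
    codec => rubydebug
  }
}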
==============================
[root@web02 conf.d]# cat grok.conf
# Test pipeline: read lines typed on stdin, split each one into named
# fields with a hand-written grok expression, and print the parsed event.
input {
  stdin { }
}

filter {
  grok {
    # Expected line shape (constructed sample):
    #   192.0.2.10 GET /index.html 15824 0.043
    # The expression is not anchored, so it can match starting anywhere in
    # the line. Captured values, including bytes and duration, are stored
    # as strings because no type suffix is given.
    match => {
      "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"
    }
  }
}

output {
  # Pretty-print the event so the extracted fields can be checked by eye.
  stdout {
    codec => rubydebug
  }
}
=========================
[root@web02 conf.d]# cat httpd_redis.conf
# Pipeline: tail the Apache access log and push every line, unparsed,
# onto a Redis list that acts as a buffer for a downstream consumer.
input {
  file {
    path => "/var/log/httpd/access_log"
    # Only honoured for files Logstash has not tracked before (no sincedb
    # entry); otherwise reading resumes from the saved offset.
    start_position => "beginning"
  }
}

output {
  redis {
    # No `password` is set, so this works only against a Redis instance
    # that accepts unauthenticated clients. Any client that can reach
    # 10.0.0.18:6379 can then read or alter the queued access-log data;
    # restrict network access to it, and set `password` here if Redis
    # requires authentication.
    host      => "10.0.0.18"
    port      => "6379"
    db        => "6"
    # "list" mode appends each event to the list named by `key`.
    data_type => "list"
    key       => "demo"
  }
}
============================
[root@web02 conf.d]# cat nginx.conf
# Pipeline: read an nginx access log that is already written as one JSON
# object per line and index the decoded events into Elasticsearch.
input {
  file {
    path  => "/var/log/nginx/access_log_jason.log"
    # Each line is decoded as JSON; a line that fails to parse is kept as
    # raw text and tagged _jsonparsefailure.
    # NOTE(review): this relies on the nginx log_format emitting valid JSON.
    # If that format is hand-built without `escape=json`, quotes in
    # client-supplied fields (URI, user agent) can break or alter the
    # record; confirm against the nginx configuration.
    codec => "json"
    type  => "nginx-access-log"
    # No start_position is given, so a newly seen file is read from its end.
  }
}

# No filtering: events are forwarded exactly as decoded.
filter {
}

output {
  elasticsearch {
    # No credentials or TLS options are set here; the events reach
    # 10.0.0.18:9200 unauthenticated and in clear text. If the cluster has
    # security enabled, set `user`/`password` and the plugin's TLS options.
    hosts => ["10.0.0.18:9200"]
    # One index per day, named from the event's @timestamp.
    index => "nginx-access-log-%{+YYYY.MM.dd}"
  }
  # Debug aid: also print every event to stdout.
  stdout {
    codec => rubydebug
  }
}
======================
[root@web02 conf.d]# cat redis.conf
# Test pipeline: every line typed on stdin is pushed onto a Redis list,
# which makes it easy to check the Redis side of the setup by hand.
input {
  stdin { }
}

# No filtering: lines are forwarded as typed.
filter {
}

output {
  redis {
    # No `password` is set, so the target Redis must accept unauthenticated
    # clients. Keep such an instance reachable only from the hosts that
    # need it, and set `password` here if Redis requires authentication.
    host      => "10.0.0.18"
    port      => "6379"
    db        => "6"
    # "list" mode appends each event to the list named by `key`.
    data_type => "list"
    key       => "demo"
  }
}