logstash收集日志信息，输出给elasticsearch，通过postman查询数据

最新推荐文章于 2023-04-22 19:16:42 发布

跳蛙pass

最新推荐文章于 2023-04-22 19:16:42 发布

阅读量286

点赞数

文章标签： elasticsearch 大数据

本文链接：https://blog.csdn.net/weixin_47263088/article/details/106415493

版权

input {
        file {
                path => "/opt/system/sys.log"
                start_position => "beginning"
                sincedb_path => "/dev/null"
                type => "system"
        }
        file {
                path => "/opt/action/user.log"
                start_position => "beginning"
                sincedb_path => "/dev/null"
                codec => json
                type => "action"
        }
}
filter {
        if [type] == "system" {
                grok {
                        match => { "message" => "(?<userid>[0-9]+)\|(?<event_name>[a-zA-Z_]+)\|(?<times>[0-9]+)\|(?<ip>[0-9],{1,3}\.[0-9],{1,3}\.[0-9],{1,3}\.[0-9],{1,3})"}
                        remove_field => ["message"]
                }
        }else {
                mutate {
                        add_field => { "@abc" => "%{cm}"}
                }
                json {
                        source => "@abc"
                        remove_field => [ "@abc","cm" ]
                }
        }
}
output {
        if [type] == "system" {
                elasticsearch {
                        hosts => "http://192.168.56.120:9200"
                        index => "system1"
                        document_type => "sys"
                }
        }else {
                elasticsearch {
                        hosts => "http://192.168.56.120:9200"
                        index => "customs1"
                        document_type => "actions"
                }
        }
}

跳蛙pass

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
logstash收集日志信息，输出给elasticsearch，通过postman查询数据

input { file { path => "/opt/system/sys.log" start_position => "beginning" sincedb_path => "/dev/null" type => "system" } file { path =>
复制链接

扫一扫