logstash 笔记

最新推荐文章于 2024-06-16 06:30:00 发布

guagua070707

最新推荐文章于 2024-06-16 06:30:00 发布

阅读量329

点赞数

分类专栏： elk 文章标签： elasticsearch 大数据 big data

本文链接：https://blog.csdn.net/yilu_beiyu/article/details/123007539

版权

elk 专栏收录该内容

8 篇文章 0 订阅

订阅专栏

only focus on use

abstraction layer separate the representation

logstash版本基于7.10

https://www.elastic.co/guide/en/logstash/7.10/index.html

测试logstach

cd logstash-7.10.2
bin/logstash -e 'input { stdin { } } output { stdout {} }'

skeleton

https://www.elastic.co/guide/en/logstash/7.10/advanced-pipeline.html

input {
    beats {
        port => "5044"
    }
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
    stdout { codec => rubydebug }
}

The --config.test_and_exit option parses your configuration file and reports any errors
The --config.reload.automatic option enables automatic config reloading so that you don’t have to stop and restart Logstash every time you modify the configuration file.

plugins

The grok filter plugin enables you to parse the unstructured log data into something structured and queryable.

debug grok expression
https://www.elastic.co/guide/en/kibana/7.10/xpack-grokdebugger.html


https://www.elastic.co/guide/en/elasticsearch/reference/7.10/grok-processor.html#grok-basics

pattern的语法：
The syntax for reusing a grok pattern comes in three forms: %{SYNTAX:SEMANTIC}, %{SYNTAX}, %{SYNTAX:SEMANTIC:TYPE}

guagua070707

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
logstash 笔记

only focus on useabstraction layer separate the representationlogstash版本基于7.10https://www.elastic.co/guide/en/logstash/7.10/index.html测试logstachcd logstash-7.10.2bin/logstash -e 'input { stdin { } } output { stdout {} }'skeletonhttps://www.ela
复制链接

扫一扫

专栏目录