/*************** 根据type判断
input {
file {
type => "zj_frontend_access"
path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"]
}
file {
type => "wj_frontend_access"
path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"]
}
}
filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?
<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""
}
}
}
output {
if [type] == "zj_frontend_access" {
redis {
host => "192.168.32.67
Logstash type来标记事件类型,通过type判断
最新推荐文章于 2022-02-17 15:01:09 发布