ELK之json配置nginx文件等多个配置文件

[root@web02 ~]# cat  /etc/logstash/conf.d/nginx.conf
# Pipeline: read the nginx access log file, decode each line as JSON and
# index the events into Elasticsearch (a copy is also printed to stdout).
input {
    file {
        # Each line of this file is decoded by the "json" codec below.
        # assumes nginx writes this log with a JSON log_format - the nginx side is not shown here.
        # No start_position is set, so the plugin default applies (presumably "end": only new lines) - confirm.
        path => "/var/log/nginx/access_log_jason.log"
        codec => "json"
        # "type" is a tag on the event; nothing in this file branches on it.
        type => "nginx-access-log"
    }
 
 
}
 
 
# No filters: events are forwarded exactly as decoded.
filter {
 
 
 
}
 
 
output {
    elasticsearch {
        # NOTE(review): no user/password or TLS options are configured in this block, so as
        # written the events go to 10.0.0.18:9200 without credentials or transport encryption.
        # Access logs carry client addresses and request URLs; confirm the cluster is reachable
        # only from trusted hosts, or enable authentication and TLS on both sides.
        hosts => ["10.0.0.18:9200"]
        # One index per day, named from the event timestamp.
        index => "nginx-access-log-%{+YYYY.MM.dd}"
 
    }
    # Debug output: every event is also pretty-printed to stdout.
    # NOTE(review): when Logstash runs as a service this duplicates the log content into
    # wherever stdout is captured - consider dropping it outside of testing.
    stdout{
        codec => rubydebug
    }
 
}

 

#多行合并：以 [ 开头的行开始一个新事件，不以 [ 开头的行并入上一条事件

 

[root@web04 conf.d]# cat codec.conf
# Pipeline: demonstrate the multiline codec on stdin; events are only printed, not stored.
input{
    stdin {
        codec => multiline{
            # A line starting with "[" begins a new event.
            pattern => "^\["
            # negate => true inverts the match: the action below applies to lines
            # that do NOT start with "[".
            negate => true
            # Those non-matching lines are appended to the previous event
            # (e.g. continuation lines of a stack trace).
            what => "previous"
        }
 
    }
 
 
 
}
 
# No filters.
filter{
}
 
 
output{
 
    # Pretty-print each assembled event so the merge result can be inspected.
    stdout{
        codec => rubydebug
    }
 
}

 

[root@web04 conf.d]# cat demo.conf
# Pipeline: minimal end-to-end test - lines typed on stdin are indexed into
# Elasticsearch and echoed to stdout.
input {
    stdin{}
 
}
 
# No filters.
filter {
 
 
 
}
 
 
output {
    elasticsearch{
        # NOTE(review): no credentials or TLS options are set in this block; confirm the
        # cluster at 10.0.0.18:9200 is not reachable from untrusted networks.
        hosts => ["10.0.0.18:9200"]
        # One index per day, named from the event timestamp.
        index => "logstash-%{+YYYY.MM.dd}"
    }
    # Echo each event for inspection.
    stdout{
        codec => rubydebug
    }
 
}
=====================================
多行正则匹配
 
[root@web04 conf.d]# cat file.conf
# Pipeline: collect system logs and Elasticsearch's own logs from files, and route
# each kind to its own monthly index based on the "type" field.
input {
    file{
 
        # NOTE(review): /var/log/secure holds authentication records and is normally
        # readable by root only. Prefer granting the Logstash account read access
        # (group or ACL) over running Logstash as root, and treat the resulting index
        # as sensitive data.
        path => ["/var/log/messages","/var/log/secure"]
        type => "system-log"
        # Read files from the start the first time they are seen; presumably ignored
        # for files already tracked by the plugin's position database - confirm.
        start_position => "beginning"
    }
     
    file {
        # The second entry is one specific dated file; other rotated files are not matched.
        path => ["/var/log/elasticsearch/my-es.log","/var/log/elasticsearch/my-es.log.2018-01-15"]
        type => "es-log"
        start_position => "beginning"
        # Merge continuation lines: a line starting with "[" begins a new event and
        # every line that does not is appended to the previous event.
        codec => multiline{
                        pattern => "^\["
                        negate => true
                        what => "previous"
                }
 
 
    }
}
 
# No filters.
filter {
 
 
 
 
}
 
output {
    # Route on the "type" set by each input above. Events with any other type
    # match neither branch and are not sent anywhere.
    if [type] == "system-log" {
        elasticsearch {
            # NOTE(review): no credentials or TLS options are set here; auth logs are being
            # shipped, so confirm access to 10.0.0.18:9200 is restricted and authenticated.
            hosts => ["10.0.0.18:9200"]
            # One index per month.
            index => "system-log-%{+YYYY.MM}"
        }
    }
    if [type] == "es-log" {
        elasticsearch {
            hosts => ["10.0.0.18:9200"]
            # One index per month.
            index => "es-log-%{+YYYY.MM}"
        }
    }
 
}
================================
syslog 插件
[root@web04 conf.d]# cat sys.log
# Pipeline: receive syslog messages over the network and index them monthly.
# NOTE(review): the listing shows this file as "sys.log"; a packaged Logstash usually
# loads only conf.d/*.conf, so confirm the file name matches the configured path.config.
input {
 
    syslog{
 
        type => "system-syslog"
        # NOTE(review): 514 is a privileged port (< 1024), so an unprivileged Logstash
        # account cannot bind it without extra capability; a high port plus a redirect
        # avoids running the whole process as root.
        # No "host" is set, so the listener presumably binds all interfaces - confirm.
        # Syslog carries no sender authentication: any host that can reach this port can
        # inject events, so restrict the source addresses with a firewall rule.
        port => 514
    }
 
}
 
 
output {
    elasticsearch {
        # NOTE(review): no credentials or TLS options are set in this block.
        hosts => ["10.0.0.18:9200"]
        # One index per month.
        index => "system-syslog-%{+YYYY.MM}"
    }
 
 
}
===============
 
#TCP 通过端口传送到一个文件
[root@web04 conf.d]# cat tcp.conf
# Pipeline: accept raw data on a TCP port and print each received event to stdout.
input {
    tcp {
 
                type => "tcp"
                # Listening port (given as a string here).
                port => "6666"
                # "server" mode: Logstash listens and clients connect to it.
                # NOTE(review): no "host" and no TLS options are set, so the listener
                # presumably binds all interfaces and accepts plaintext from any client
                # that can reach it - confirm, and limit exposure (bind address or firewall)
                # before using this beyond a test.
                mode => "server"
 
        }
 
}
 
# No filters.
filter {
     
 
}
 
 
 
output {
 
    # Events are only pretty-printed; nothing is stored or forwarded.
    stdout {
        codec => rubydebug
    }
 
 
 
}

 
