elk文件

posted @   滴滴滴  阅读(306)  评论(0编辑  收藏  举报
undefined
undefined
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
=================正则匹配
[root@web02 conf.d]# cat apache-grok.conf
input{
  file {
    path => "/var/log/httpd/access_log"
    type => "apache_access.log"
    start_position => "beginning"
  }
}
 
filter {
  if [type] == "apache_access.log" {
    grok {
      match => {"message" => "%{COMBINEDAPACHELOG}" } # 内置httpd正则
      }
  }
}
 
output{
     if [type] == "apache_access.log" {
            elasticsearch {
                hosts => ["10.0.0.18:9200"]
                index=> "apache_access-%{+YYYY-MM}"
            }
    }
    stdout {
        codec => rubydebug
    }
}
==============================
[root@web02 conf.d]# cat grok.conf
input {
    stdin {
 
    }
}
 
 
filter {
    grok {
         match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
    }
 
 
}
 
 
output {
 
    stdout {
        codec => rubydebug
    }
 
}
=========================
[root@web02 conf.d]# cat httpd_redis.conf
input {
    file {
 
        path => "/var/log/httpd/access_log"
        start_position => "beginning"
    }
 
 
}
 
output {
    redis {
        host => "10.0.0.18"
        port => "6379"
        db => "6"
        data_type => "list"
        key => "demo"
 
    }
 
}
============================
[root@web02 conf.d]# cat nginx.conf
input {
    file {
        path => "/var/log/nginx/access_log_jason.log"
        codec => "json"
        type => "nginx-access-log"
    }
 
 
}
 
 
filter {
 
 
 
}
 
 
output {
    elasticsearch {
        hosts => ["10.0.0.18:9200"]
        index => "nginx-access-log-%{+YYYY.MM.dd}"
 
    }
    stdout{
        codec => rubydebug
    }
 
}
======================
 
 
[root@web02 conf.d]# cat redis.conf
input {
    stdin {
 
    }
 
 
}
 
 
 
filter {
 
 
 
}
 
output {
    redis {
 
        host => "10.0.0.18"
        port  => "6379"
        db => "6"
        data_type => "list"
        key => "demo"
    }
 
 
 
}

 

posted @   滴滴滴  阅读(306)  评论(0编辑  收藏  举报
编辑推荐:
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
阅读排行:
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· Docker 太简单,K8s 太复杂?w7panel 让容器管理更轻松!
点击右上角即可分享
微信分享提示