Configuring Logstash to consume multiple Kafka topics and create a separate index for each

Configuring multiple topics in Filebeat

#filebeat.prospectors:
filebeat.inputs:
- type: log
  encoding: GB2312
#  fields_under_root: true
  fields:  ## add custom fields
    serverip: 192.168.1.10
    logtopic: wap
  enabled: true
  paths:
    - /app/wap/logs/catalina.out
  multiline.pattern: '^\['  # Java error handling: lines that do not start with '[' are appended to the previous event
  multiline.negate: true
  multiline.match: after
  tail_files: false
- type: log
  encoding: GB2312
#  fields_under_root: true
  fields:  ## add custom fields
    serverip: 192.168.1.10
    logtopic: api
  enabled: true
  paths:
    - /app/api/logs/catalina.out
  multiline.pattern: '^\['  # Java error handling: lines that do not start with '[' are appended to the previous event
  multiline.negate: true
  multiline.match: after
  tail_files: false
#----------------------------- Kafka output --------------------------------
output.kafka:
  enabled: true
  hosts: ["192.168.16.222:9092","192.168.16.237:9092","192.168.16.238:9092"]
  topic: 'elk-%{[fields.logtopic]}' ## resolves to the logtopic value under fields
  partition.hash:
    reachable_only: true
  compression: gzip
  max_message_bytes: 1000000
  required_acks: 1
# logging.* is a top-level Filebeat setting, not an option of output.kafka
logging.to_files: true

Check that events are reaching Kafka

$  bin/kafka-topics.sh --list --zookeeper kafka-01:2181,kafka-02:2181,kafka-03:2181
elk-wap
elk-api

Configuring the Logstash cluster

input {
  kafka {
    bootstrap_servers => "kafka-01:9092,kafka-02:9092,kafka-03:9092"
    # subscribe to every topic Filebeat writes (elk-wap, elk-api)
    topics_pattern => "elk-.*"
    consumer_threads => 5
    decorate_events => true
    codec => "json"
    auto_offset_reset => "latest"
    group_id => "logstash1"  ## must be identical on every node of the Logstash cluster
  }
}
filter {
  ruby {
    code => "event.timestamp.time.localtime"
  }

  mutate {
    remove_field => ["beat"]
  }
  grok {
    match => { "message" => "\[(?<time>\d+-\d+-\d+\s\d+:\d+:\d+)\] \[(?<level>\w+)\] (?<thread>[\w|-]+) (?<class>[\w|\.]+) (?<lineNum>\d+):(?<msg>.+)" }
  }
}
output {
  elasticsearch {
    hosts => ["192.168.16.221:9200","192.168.16.251:9200","192.168.16.252:9200"]
    # index => "%{[fields][logtopic]}"  ## matched directly from the log's fields; the index name then loses the elk prefix
    # one daily index per Kafka topic
    index => "%{[@metadata][topic]}-%{+YYYY-MM-dd}"
  }
  stdout {
    codec => rubydebug
  }
}

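Logstash cluster setup

Multiple instances on one machine: use the same configuration file and change only the data path at startup
./bin/logstash -f test.conf --path.data=/usr/local/logdata/
Multiple machines
Use the same group_id in the Logstash configuration file on every machine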
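
The multiline settings and the grok expression above, replayed in Ruby on constructed log lines, together with the index name each event ends up in. This is an added example, not part of the original post; the sample lines and the helper names group_multiline, parse and index_for are assumptions made for illustration.

```ruby
# Added example, not from the original post. All log lines are constructed.

# The grok expression from the Logstash filter, unchanged. Ruby uses the same
# (?<name>...) syntax; "." does not cross a newline, so msg is the first line only.
LINE_RE = /\[(?<time>\d+-\d+-\d+\s\d+:\d+:\d+)\] \[(?<level>\w+)\] (?<thread>[\w|-]+) (?<class>[\w|\.]+) (?<lineNum>\d+):(?<msg>.+)/

# Filebeat multiline (pattern '^\[', negate: true, match: after): a line that
# does not start with "[" is appended to the event that precedes it.
def group_multiline(lines)
  lines.each_with_object([]) do |line, events|
    if line.start_with?('[') || events.empty?
      events << line.dup
    else
      events.last << "\n" << line
    end
  end
end

# Named captures become fields; a non-matching event is only tagged.
def parse(event)
  m = LINE_RE.match(event)
  return { 'message' => event, 'tags' => ['_grokparsefailure'] } if m.nil?
  m.named_captures.merge('message' => event)
end

# Topic 'elk-<logtopic>' plus the %{+YYYY-MM-dd} suffix, which Logstash
# formats from @timestamp in UTC.
def index_for(logtopic, timestamp)
  "elk-#{logtopic}-#{timestamp.getutc.strftime('%Y-%m-%d')}"
end

SAMPLE = [
  '[2020-03-01 10:15:30] [ERROR] http-nio-8080-exec-1 com.example.wap.OrderService 42:order lookup failed',
  'java.lang.IllegalStateException: no such order',
  "\tat com.example.wap.OrderService.find(OrderService.java:42)",
  '[GC (Allocation Failure) 0.013 secs]',
  '[2020-03-01 10:15:31] [INFO] main com.example.wap.Boot 17:started'
].freeze

if __FILE__ == $PROGRAM_NAME
  group_multiline(SAMPLE).each do |event|
    puts parse(event).reject { |k, _| k == 'message' }.inspect
  end
  puts index_for('api', Time.new(2020, 3, 2, 7, 0, 0, '+08:00'))
end
```

Events tagged _grokparsefailure still reach the per-topic index but without the time, level, thread, class, lineNum and msg fields, so searches on those fields will not find them.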

posted @   哈喽哈喽111111