Sending JSON-format log files to Elasticsearch on Windows
Configuration for sending JSON-format log files to Elasticsearch on Windows
Nxlog-->logstash-->ElasticSearch
Logstash https://www.elastic.co/guide/en/logstash/current/codec-plugins.html
Elasticsearch https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
Kibana https://www.elastic.co/guide/en/kibana/current/index.html
Nxlog http://nxlog.org/docs
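nxlog.conf configuration
# Read the JSON log file line by line
<Input jsonfile>
    Module  im_file
    File    "E:\\log\\webapi\\json1.txt"
    # Remember the read position across restarts
    SavePos TRUE
</Input>
# Forward each line over plain TCP to the local Logstash listener
<Output json_out>
    Module  om_tcp
    Host    127.0.0.1
    Port    5555
</Output>
<Route jsonruby>
    Path    jsonfile => json_out
</Route>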
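Logstash my.conf configuration
input {
  tcp {
    # No host is set, so the tcp input listens on 0.0.0.0 by default
    port => 5555
    # Parse each incoming event as JSON
    codec => "json"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    codec => rubydebug
    # %{type} is taken from the "type" field of each event
    index => "rubydebug-%{type}-%{+YYYY.MM.dd}"
  }
}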
Log file
{"name":"liu1","address":"beijing201","module":"webapi1","type":"jsoninput"}
{"name":"liu2","address":"beijing202","module":"webapi1","type":"json-input"}
Elasticsearch displays the document in the following format
{
  "_index": "rubydebug-jsoninput-2016.03.20",
  "_type": "jsoninput",
  "_id": "AVOrXXTzga69Q0TXLFRR",
  "_score": null,
  "_source": {
    "name": "liu1",
    "address": "beijing201",
    "module": "webapi1",
    "type": "jsoninput",
    "@version": "1",
    "@timestamp": "2016-03-20T01:22:20.837Z",
    "host": "127.0.0.1",
    "port": 45392
  },
  "fields": {
    "@timestamp": [
      1458436940837
    ]
  },
  "sort": [
    1458436940837
  ]
}
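Because the index name in my.conf is built from the "type" field of each log line, whatever writes the log file decides which index a document lands in. The following is an added example, not part of the original post: a Python pre-ship check that resolves the index name the way the config above does and flags lines whose "type" is missing or outside an allowlist. The names resolve_index, check_line and SAFE_TYPE, and the allowlist policy itself, are assumptions made for this illustration.

```python
import json
import re
from datetime import datetime, timezone

# Assumed allowlist policy (stricter than Elasticsearch's own index-name rules):
# lowercase letters, digits, "_" and "-", starting with a letter or digit.
SAFE_TYPE = re.compile(r"[a-z0-9][a-z0-9_-]{0,63}")


def resolve_index(event, when):
    """Mimic index => "rubydebug-%{type}-%{+YYYY.MM.dd}" for one event."""
    # Logstash leaves a %{field} reference as literal text when the field is absent.
    value = event.get("type")
    part = "%{type}" if value is None else str(value)
    return "rubydebug-{}-{}".format(part, when.strftime("%Y.%m.%d"))


def check_line(line, when):
    """Return (index_name, problem); problem is None when the line is safe to ship."""
    try:
        event = json.loads(line)
    except ValueError:
        return None, "not valid JSON"
    if not isinstance(event, dict):
        return None, "not a JSON object"
    index = resolve_index(event, when)
    value = event.get("type")
    if value is None:
        return index, "missing type: index name keeps the literal %{type}"
    if not isinstance(value, str) or not SAFE_TYPE.fullmatch(value):
        return index, "type is outside the allowlist"
    return index, None


# Constructed sample input: the page's two log lines plus three malformed ones.
WHEN = datetime(2016, 3, 20, 1, 22, 20, tzinfo=timezone.utc)
SAMPLE = [
    '{"name":"liu1","address":"beijing201","module":"webapi1","type":"jsoninput"}',
    '{"name":"liu2","address":"beijing202","module":"webapi1","type":"json-input"}',
    '{"name":"liu3","address":"beijing203","module":"webapi1"}',
    '{"name":"liu4","module":"webapi1","type":"Web/API Logs"}',
    '{"name":"liu5","module":"webapi1"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_line(line, WHEN))
```

The same allowlist can be enforced inside Logstash with a conditional on [type] before the elasticsearch output, so that events from any sender reaching port 5555 are covered as well.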