elk日志过滤文档
vi /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns/grok-patterns
# DYZHENGZE 添加自定义正则
DYTIME (?:(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}))
DYLEVELS (?:\[[A-Z]+\])
DYMESSAGE (?:[\s\S]*)
vi /etc/logstash/conf.d/file.conf
input {
beats {
host => "192.168.130.134"
port => 5044
}
}
filter {
grok {
match => {
# "message" => "(?<datelogs>(?:.*)?) (?<levels>(?:\[[A-Z]+\])?) (?<message>(?:[\s\S]*)?)"
"message" => "%{DYTIME:datelogs} %{DYLEVELS:levels} %{DYMESSAGE:message}"
}
overwrite => ["message"]
remove_field => ["[beat][version]", "[beat][hostname]", "@version", "tags", "[beat][name]"]
}
}
# filter {
# mutate {
# rename => {"message" => "new_message"}
# }
# }
output {
elasticsearch {
hosts => ["192.168.130.134:9200"]
index => "dylog-%{+YYYY.MM.dd}"
}
}
# output {stdout{codec => rubydebug}}
037105729970
123456
日期
https://www.jianshu.com/p/cbb708b2e464?from=singlemessage
https://www.cnblogs.com/cp-miao/p/7205914.html
echo “2019-11-07 20:01:30 [DEBUG] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
echo “2019-11-07 22:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
rpm -ivh http://192.168.130.150/ELK/filebeat-6.8.5-x86_64.rpm
curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
mkdir /logstest
systemctl restart filebeat && systemctl enable filebeat
echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
ps -ef | grep filebeat
curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
systemctl restart filebeat