查看官方文档
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html
找个路径
/home/data/logstash/logstash/config
创建配置文件（文件名需与下面启动命令中的 file.conf 保持一致）：vi file.conf
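# Tail two local log files and tag each event with a `type`; the output
# section uses that tag to choose the destination index.
# NOTE(review): the account running Logstash needs read access to both paths.
# /var/log/messages is often readable by root only - prefer a group or ACL
# grant on the file over running Logstash as root.
input {
  # System log: one event per line.
  file {
    path => "/var/log/messages"
    type => "system"
    # Only takes effect the first time a file is seen; after that the offset
    # recorded in sincedb decides where reading resumes.
    start_position => "beginning"
  }

  # Java application log: the multiline codec keeps an exception and its
  # stack trace together as a single event.
  file {
    path => "/home/data/es/logs/oldboy.log"
    type => "es_error"
    start_position => "beginning"
    # Any line that does NOT start with "[" is appended to the previous event.
    # Assumes every log record begins with "[" (e.g. a bracketed timestamp) -
    # confirm against the actual log format.
    codec => multiline {
      # The bracket has to be escaped: a bare "^[" is an unterminated
      # character class and is not a valid regular expression.
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}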
# Route each event to a daily Elasticsearch index chosen by its `type` tag.
# Events carrying any other type are not sent anywhere by this section.
# NOTE(review): no credentials or TLS settings are configured here, so events
# (including system log content) travel to the cluster in clear text and
# unauthenticated. If the cluster has security enabled, or the network path is
# not trusted, set the elasticsearch output's user/password and TLS options
# and give that user write access to these two index patterns only.
output {
  if [type] == "system" {
    # Lines read from /var/log/messages
    elasticsearch {
      hosts => ["192.168.174.130:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  } else if [type] == "es_error" {
    # Multiline-joined Java log events
    elasticsearch {
      hosts => ["192.168.174.130:9200"]
      index => "es_error-%{+YYYY.MM.dd}"
    }
  }
}
启动
bin/logstash -f /home/data/logstash/logstash/config/file.conf