• logstash过滤配置

    input {
    redis {
    host => "127.0.0.1"
    port => 6380
    data_type => "list"
    key => "phgj-list"
    }
    }
    filter {
    if [fields][tag] == "ph130-ingcn01" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-phing" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-route" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    grok {
    match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
    }
    date {
    match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
    target => "@timestamp"
    }
    }
    }
    output {
    if [fields][tag] == "ph130-ingcn01" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-ingcn01-log"
    }
    }
    if [fields][tag] == "ph130-phing" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-phing-log"
    }
    }
    if [fields][tag] == "ph130-route" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-route-log"
    }
    }
    if [fields][tag] == "ph130-savetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-savetask-log"
    }
    }
    if [fields][tag] == "ph130-deletetask" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-deletetask-log"
    }
    }
    if [fields][tag] == "ph130-endtime" {
    elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "iisph130-endtime-log"
    }
    }
    }
  • 相关阅读:
    Node的Buffer
    node中定时器的“先进”用法
    比较setImmediate(func),setTimeout(func),process.nextTick(func)
    node.js事件触发
    node.js express的安装过程
    ”靠谱的C#“单例模式
    JS性能消耗在哪里?
    如何建立索引
    优化之sitemap+RSS
    优化のzencart URL &zenid=.....
  • 原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html
Copyright © 2020-2023  润新知