logstash 从redis中取日志存到elasticsearch
input{
redis{
data_type => "list"
host => "192.168.56.11"
db = "1"
port => "6379"
password => "123456"
key => "rsyslog-5612"
}
}
output{
elasticsearch{
hosts => "[192.168.56.11:9200]"
index => "redis-rsyslog-5612"
}
}
filebeat
filebeat.prospectors:
- type: log
enabled: true
paths:
- /var/log/*.log
- /var/log/messages #配置收集的日志路径
exclude_lines: ['^DBG',"^$"] #排除以DBG开头和空行
document_type: filesystem-log-5612 #设置类型
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
setup.kibana:
output.file: #输出到文件
path: "/tmp"
filename: "filebeat.txt"
filebeat.prospectors:
- input_type: log
paths:
- /var/log/*.log
- /var/log/messages #配置收集的日志路径
exclude_lines: ['^DBG',"^$"] #排除以DBG开头和空行
document_type: filesystem-log-5612 #设置类型
output.file: #输出到文件
path: "/tmp"
filename: "filebeat.txt"
output.redis: #输出到redis
hosts: "192.168.56.12"
db: "2"
port: "6379"
password: "123456"
key: "filesystem-log-5612"