• elk日志过滤文档

    vi /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns/grok-patterns

    1. # DYZHENGZE 添加自定义正则
    2. DYTIME (?:(d{4}-d{2}-d{2} d{2}:d{2}:d{2}))
    3. DYLEVELS (?:[[A-Z]+])
    4. DYMESSAGE (?:[sS]*)

    vi /etc/logstash/conf.d/file.conf

    1. input {
    2. beats {
    3. host => "192.168.130.134"
    4. port => 5044
    5. }
    6. }
    7. filter {
    8. grok {
    9. match => {
    10. # "message" => "(?<datelogs>(?:.*)?) (?<levels>(?:[[A-Z]+])?) (?<message>(?:[sS]*)?)"
    11. "message" => "%{DYTIME:datelogs} %{DYLEVELS:levels} %{DYMESSAGE:message}"
    12. }
    13. overwrite => ["message"]
    14. remove_field => ["[beat][version]", "[beat][hostname]", "@version", "tags", "[beat][name]"]
    15. }
    16. }
    17. # filter {
    18. # mutate {
    19. # rename => {"message" => "new_message"}
    20. # }
    21. # }
    22. output {
    23. elasticsearch {
    24. hosts => ["192.168.130.134:9200"]
    25. index => "dylog-%{+YYYY.MM.dd}"
    26. }
    27. }
    28. # output {stdout{codec => rubydebug}}

    037105729970
    123456

    日期

    https://www.jianshu.com/p/cbb708b2e464?from=singlemessage

    https://www.cnblogs.com/cp-miao/p/7205914.html

    echo “2019-11-07 20:01:30 [DEBUG] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “ at org.springframework.cloud.config.client.ConfigServicePropertySourceLocator.locate(ConfigServicePropertySourceLocator.java:136)” >> /logstest/config-client.debug.log2019-11-09
    echo “2019-11-07 22:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09

    rpm -ivh http://192.168.130.150/ELK/filebeat-6.8.5-x86_64.rpm
    curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
    mkdir /logstest
    systemctl restart filebeat && systemctl enable filebeat
    echo “2019-11-07 20:01:30 [INFO] HV000234: Using org.hibernate.validator.internal.engine.scripting.DefaultScriptEvaluatorFactory” >> /logstest/config-client.debug.log2019-11-09
    ps -ef | grep filebeat

    curl -s http://192.168.130.150/ELK/fbeat/filebeat.sh -o /etc/filebeat/filebeat.yml
    systemctl restart filebeat
  • 相关阅读:
    FTPClient使用中的问题--获取当前工作目录为null
    MGR安装
    脚本在Shell可以执行成功,放到crontab里执行失败
    使用Python通过SMTP发送邮件
    MySQL Router
    事务管理(ACID)
    mysqldump使用
    MySQL InnoDB Cluster
    Linux LVM逻辑卷配置过程详解(创建、扩展、缩减、删除、卸载、快照创建)
    centos命令行控制电脑发出滴滴声
  • 原文地址:https://www.cnblogs.com/zgqbky/p/15080379.html
Copyright © 2020-2023  润新知