文章摘自课程链接:https://study.163.com/course/introduction/1005164019.htm
logstash配置文件介绍(input、output、filter插件)
input插件
file插件
path
start_position:beginning、end
type:添加一个字符描述字段
备注
https://www.elastic.co/guide/en/logstash/current/input-plugins.html
filter插件
备注正则表达规则
https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns
output插件(elasticsearch、file、redis)
案例
logstash配置文件
file{
path=>"/tmp/test"
start_position=>"beginning"
type=>"test"
}
}
filter{
grok{
match => { "message" => "%{IP:client_ip_address} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:http_response_t
ime}" }
}
}
output{
file{
path=>"/tmp/out"
}
}
执行这个命令添加记录到文件中 echo "55.3.244.1 GET /index.html 15824 0.043" >> /tmp/test
执行加载logstash配置文件
usr/share/logstash/bin/logstash -f usr/share/logstash/config/filter.conf
网友评论