```
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  # Collect logs from a file
  file {
    path => ["xx/xxx.log"]
  }
  # Collect logs over TCP
  tcp {
    port => "5044"
    # A type name of your own choosing
    type => "log4j2"
  }
  # Collect logs from Filebeat
  # (same port as tcp above: change one of them if both inputs are enabled)
  beats {
    port => "5044"
  }
}

filter {
  grok {
    # The name of the final capture group is missing on the page ("(?.+)");
    # FIELD_NAME is a placeholder for it.
    match => {
      "message" => "\{\"%{WORD}\":\"\[%{LOGLEVEL:level}\s\]\s%{YEAR:year}-%{MONTHNUM:mouth}-%{MONTHDAY:day} %{HOUR:hour}:?%{MINUTE:minute}(?::?%{SECOND:second})\s%{JAVACLASS:project}\s%{JAVACLASS:class}\(%{JAVAFILE:file}(?::%{NUMBER:line})?\)\s-\[%{UUID:traceId}\]\s-\s(?<FIELD_NAME>.+)\}"
    }
    add_tag => ["myLog"]
  }
  # Parse the message field as JSON
  json {
    source => "message"
  }
  date {
    match => ["time", "yyyy-MM-dd HH:mm:ss.SSS"]
    remove_field => ["time"]
  }
}

filter {
  # Drop every event that the grok pattern above did not match
  if "_grokparsefailure" in [tags] {
    drop {}
  }
}

output {
  # if "traceId" in [message] {
  elasticsearch {
    hosts => ["192.168.1.185:9200"]
    index => "application-%{+YYYY.MM.dd}"
  }
  # }
}
```
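Pick one of the three inputs. You can use two if you insist; just remember to change the port. For the tcp method, taking log4j2 as an example, adding a socket node to the appender in the log4j2.xml file is enough. I have tested this and it works.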
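Because the second filter block drops every event tagged `_grokparsefailure`, any line that does not fit the grok expression never reaches Elasticsearch. The following is an added example, not part of the original post: it expands the page's match expression into a Python regex and runs it over constructed sample events to show what is indexed and what is silently dropped. The grok definitions are simplified stand-ins for the stock patterns, the sample lines are constructed, and the capture name `rest` is hypothetical because the page does not show the original name.

```python
import re

# Simplified stand-ins for the stock grok patterns (assumption, not the shipped definitions).
GROK = {
    "WORD": r"\b\w+\b",
    "LOGLEVEL": r"TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL",
    "YEAR": r"(?:\d\d){1,2}",
    "MONTHNUM": r"0?[1-9]|1[0-2]",
    "MONTHDAY": r"0[1-9]|[12]\d|3[01]|[1-9]",
    "HOUR": r"2[0-3]|[01]?\d",
    "MINUTE": r"[0-5]\d",
    "SECOND": r"(?:[0-5]?\d|60)(?:[:.,]\d+)?",
    "JAVACLASS": r"(?:[A-Za-z$_][\w$]*\.)*[A-Za-z$_][\w$]*",
    "JAVAFILE": r"[A-Za-z0-9_. -]+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "UUID": r"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}",
}

# Match expression from the page; "rest" is a hypothetical name for its last capture.
PATTERN = (r'\{\"%{WORD}\":\"\[%{LOGLEVEL:level}\s\]\s%{YEAR:year}-%{MONTHNUM:mouth}-'
           r'%{MONTHDAY:day} %{HOUR:hour}:?%{MINUTE:minute}(?::?%{SECOND:second})\s'
           r'%{JAVACLASS:project}\s%{JAVACLASS:class}\(%{JAVAFILE:file}'
           r'(?::%{NUMBER:line})?\)\s-\[%{UUID:traceId}\]\s-\s(?<rest>.+)\}')

def grok_to_regex(expr):
    """Expand %{NAME:field} and %{NAME}; convert (?<x>...) to Python's (?P<x>...)."""
    def expand(m):
        body = GROK[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    expanded = re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, expr)
    return re.compile(expanded.replace("(?<", "(?P<"))

# Constructed sample events, not taken from the page.
TRACE = "123e4567-e89b-12d3-a456-426614174000"
LOC = " com.example.app com.example.app.OrderService(OrderService.java:42) -[" + TRACE + "] - "
SAMPLES = [
    '{"message":"[INFO ] 2020-03-01 12:30:45.123' + LOC + 'order created"}',
    '{"message":"[ERROR] 2020-03-01 12:30:46.001' + LOC + 'payment failed"}',  # no space before ]
    '{"message":"java.lang.IllegalStateException: line without the log prefix"}',
]

def run_filter(lines):
    """Mimic grok followed by drop{} on _grokparsefailure: return (indexed, dropped)."""
    rx = grok_to_regex(PATTERN)
    hits = [(line, rx.search(line)) for line in lines]
    indexed = [m.groupdict() for _, m in hits if m]
    dropped = [line for line, m in hits if not m]
    return indexed, dropped
```

In this constructed input the `[ERROR]` event and the unprefixed exception line are both dropped, so the pattern is worth testing against every level and line shape the application emits before relying on the `drop{}` filter.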
Reposted from: http://mrtii.baihongyu.com/