# Event source: Beats shippers (e.g. Filebeat) connect to this listener.
input {
  beats {
    # TCP port the Beats listener binds to.
    # NOTE(review): no ssl_* settings are configured in this block, so the
    # listener takes plaintext connections without authenticating the sender.
    # Any host that can reach this port can submit events, including the
    # [fields][log_source] value that the filter and output stages route on.
    # Restrict access at the network level or enable the plugin's TLS
    # settings with client-certificate verification.
    port => 5044
  }
}
|
|
|
#input { |
|
# 来源文件 |
|
# file { |
|
# path => ["/var/log/logstash/nginx.log"] |
|
# start_position => "beginning" |
|
# sincedb_path => "nul" |
|
# type => "nginx" |
|
# codec => "json" |
|
# } |
|
#} |
|
|
|
# Parsing / filter stage; several filter plugins can be chained here.
filter {
  # Events are routed on [fields][log_source]
  # (presumably set by the shipper; confirm against the Beats config).
  if [fields][log_source] == "nginx" {
    # Disabled alternative: parse a plain-text access-log line with grok.
    #grok{
    #match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\]\"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}"}
    #}

    # Decode the raw line as JSON. remove_field is applied only when the
    # decode succeeds, so an unparsable line keeps its original message.
    # NOTE(review): no target is set, so the decoded keys land at the root of
    # the event and can overwrite existing fields (for example [fields] or
    # tags). If the log producer does not escape request data, client-supplied
    # text could end up choosing those keys. Confirm the producer's escaping,
    # or decode into a dedicated target field.
    json {
      source => "message"
      remove_field => ["message"]
    }
  }

  # Deliberately a separate `if`, not `else if`: it is evaluated after the
  # json filter above has run.
  if [fields][log_source] == "laravel" {
    # Split "[timestamp] env.LEVEL: text" into logtime, env, level and msg.
    grok {
      match => { "message" => "\[%{TIMESTAMP_ISO8601:logtime}\] %{WORD:env}\.%{LOGLEVEL:level}\: %{GREEDYDATA:msg}" }
    }
  }

  # GeoIP lookup on clientip. It runs for every event, not only nginx ones.
  # NOTE(review): the laravel pattern above never sets clientip; confirm how
  # the installed geoip plugin version treats events without that field.
  geoip {
    source => "clientip"
  }
}
|
|
|
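# Output stage: ship each log source to its own daily Elasticsearch index.
#
# SECURITY: the Elasticsearch password is no longer stored in this file.
# "${ES_PASSWORD}" is resolved by Logstash at startup from the Logstash
# keystore or the process environment. The variable name is one chosen for
# this file; define it under that name before starting the pipeline, because
# an undefined reference stops the pipeline from loading. The literal that was
# previously committed here should be treated as exposed and rotated.
#
# NOTE(review): hosts uses http://, so the credentials and every event cross
# the network unencrypted. Switch to https:// once TLS is enabled on the
# cluster.
# NOTE(review): "elastic" is the built-in superuser. Prefer a dedicated user
# whose role is limited to writing the nginx-* and laravel-* indices.
output {
  if [fields][log_source] == "nginx" {
    # Ship to Elasticsearch, one index per day.
    elasticsearch {
      hosts => ["http://es-master:9200"]
      index => "nginx-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "${ES_PASSWORD}"
    }
  }

  if [fields][log_source] == "laravel" {
    # Disabled: forward only ERROR-level entries.
    #if [level] == "ERROR" {
    elasticsearch {
      hosts => ["http://es-master:9200"]
      index => "laravel-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "${ES_PASSWORD}"
    }
    #}
  }
}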