小贝子编程

基于消息字段-appname创建索引



***Logstash.conf代码*******

输入{

stdin{
type => "stdin-type"
}
file{
type => "json"
path => [ "C:/prod/*.log", "C:/prod/*/**.log"]
start_position => "beginning"
tags => "prod"
}
file{
type => "json"
path => [ "C:/dev/*.log", "C:/dev/*/**.log"]
start_position => "beginning"
tags => "dev"
}

}

过滤器{

grok {
match => {
"message" => [ "%{JSON:payload_raw} "]
}
pattern_definitions => {
"JSON" => "{.*$"}

}

json {
source => "payload_raw"
target => "payload"
}

mutate {
remove_field => [ "payload_raw","message" ]
}

date {
match => [ "[payload][datetime]", "yyyy-MM-dd HH:mm:ss,SSS" ]
target => "@timestamp"
}

}

输出{

stdout {
codec => rubydebug
}
elasticsearch {
hosts => ["localhost:9200"]
index => "%{tags}-logs"
}

}

样本日志

{datetime":"2021-08-10 04:11:37825","servername":"VM-0001","服务器ip":"(null(","进程":"2404","线程":"4","级别":"DEBUG","应用程序名":"Dev"电子邮件","页面":"Program.cs"}

给定您共享的示例文档,您的elasticsearch输出需要如下所示:

elasticsearch {
hosts => ["localhost:9200"]
index => "%{appname}-logs"
}

还要知道,索引名称不允许包含大写字母,因此Dev-Email在用作索引名称之前需要使用小写字母(使用mutate/lowercase筛选器(。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium