[root@dr-mysql01 frontend-error]# cat logstash_error.conf
input {
file {
type => "zj_frontend_error"
path => ["/data01/applog_backup/zjzc_log/zj-frontend0*error*"]
}
file {
type => "wj_frontend_error"
path => ["/data01/applog_backup/winfae_log/wj-frontend0*error*"]
}
}
filter {
grok {
match => [ "message" , "(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: (?:, client: (?<clientip>%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:server}?)(?:, request: %{QS:request})?(?:, upstream: (?<upstream>\"%{URI}\"|%{QS}))?(?:, host: %{QS:request_host})?(?:, referrer: \"%{URI:referrer}\")?"]
}
}
output {
if [type] == "zj_frontend_error" {
redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_error:redis"
port=>"6379"
password => "1234567"
}
}
else if [type] == "wj_frontend_error"{
redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_error:redis"
port=>"6379"
password => "1234567"
}
}
}
You have mail in /var/spool/mail/root
[root@dr-mysql01 frontend-error]# cat logstash_indexer.conf
input {
redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_error:redis"
password => "1234567"
port =>"6379"
}
redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_error:redis"
password => "1234567"
port =>"6379"
}
}
output {
if [type] == "zj_frontend_error"{
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-zjzc-frontend-error-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
else if [type] == "wj_frontend_error"{
elasticsearch {
hosts => "192.168.32.81:9200"
index => "logstash-wj-frontend-error-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
}
相关文章:
- logstash grok切分nginx日志 2021-12-13
- elk 分析nginx访问和错误日志 2021-10-05
- nginx 错误日志分析 以及说明 2021-11-20
- logstash采集tomcat日志、mysql错误日志 2022-12-23
- Nginx错误日志 2021-11-20
- nginx错误日志 2021-11-20
- elasticsearch+logstash+redis+kibana 实时分析nginx日志 2021-07-08
- logstash 2.2以上版本,nginx 错误日志切割 2022-12-23