logstash過濾配置
input {
redis {
host => "127.0.0.1"
port => 6380
data_type => "list"
key => "phgj-list"
}
}
filter {
if [fields][tag] == "ph130-ingcn01" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-phing" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-route" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-savetask" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-deletetask" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-endtime" {
grok {
match => {"message" => "\[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})\]\s*\<%{NOTSPACE:api_queue}\>\s*\-\s*%{NOTSPACE:api_level}\s*\-\s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
}
output {
if [fields][tag] == "ph130-ingcn01" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-ingcn01-log"
}
}
if [fields][tag] == "ph130-phing" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-phing-log"
}
}
if [fields][tag] == "ph130-route" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-route-log"
}
}
if [fields][tag] == "ph130-savetask" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-savetask-log"
}
}
if [fields][tag] == "ph130-deletetask" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-deletetask-log"
}
}
if [fields][tag] == "ph130-endtime" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-endtime-log"
}
}
}
logstash過濾配置