logstash同步文件到es

單文件文本同步到ES

input {
    # Tail every *.log file in C:/JWD/logs. The pattern is written with forward
    # slashes even though the host is Windows.
    file {
        path => ["C:/JWD/logs/*.log"]
        #path=> [ "C:/JWD/server/nginx/logs/*.log",
        #    "C:/JWD/server/Debug/log/*.log" ]

        # How often the path pattern is re-scanned to discover new files.
        discover_interval => 15
        # How often watched files are checked for modification (the author
        # notes that 1s is the default).
        stat_interval => 1
        # Read a file from its first line the first time it is seen.
        start_position => "beginning"

        #tags => "test"   # optional: attach tags to every event from this input
    }
}

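filter {
    # Parse each log line as JSON and merge its keys into the event.
    json {
        source => "message"
        # remove_field on the json filter is applied only when parsing succeeds.
        # A line that is not valid JSON therefore keeps its raw text (and is
        # tagged _jsonparsefailure) instead of being indexed with the original
        # content stripped, which matters when the logs are later used for
        # troubleshooting or incident review.
        remove_field => ["message"]
        # NOTE(review): no `target` is set, so parsed keys land at the event
        # root and overwrite existing fields of the same name. If the log
        # content is not fully trusted, nest it under a dedicated field with
        # `target`.
    }
#    mutate{
#        add_field => {"test"=>"test"}
#    }
#    mutate{
#		remove_field => ["host","path","message","@timestamp","@version"]
#    }
}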
#https://blog.csdn.net/zhousenshan/article/details/81023857
#https://blog.csdn.net/yelllowcong/article/details/80846752
output {
    # Index every event into a per-day index on the local Elasticsearch node.
    elasticsearch {
        hosts => ["127.0.0.1:9200"]
        # The connection is plain and unauthenticated, which is only reasonable
        # because the node is on loopback. If `hosts` is ever pointed at a
        # remote node, configure the plugin's user/password and TLS options.
        index => "ls_%{+YYYYMMdd}_lua_log"
        # NOTE(review): document_type is deprecated in recent versions of this
        # output plugin and mapping types are being removed from Elasticsearch;
        # confirm this setting is still accepted by the versions in use.
        document_type => "ls_%{+YYYYMMdd}_lua_log"
        action => "index"
    }

    # Echo every event to the console as JSON. Useful while debugging; the
    # console (or whatever captures it) then holds a full copy of the log data.
    stdout {
        codec => json
    }
}

多文件文本同步到ES

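input {
    # Two watched directories; `type` labels each event so that the output
    # section can route it to the matching index.
    file {
        type => "log1"
        # Forward slashes: the path is a glob pattern, where a backslash is read
        # as an escape character rather than a directory separator, so
        # "C:\JWD\Logs/*" would not match the intended directory.
        # NOTE(review): "/*" picks up every file in the directory, not only
        # logs; narrow it to "*.log" if other files are stored there.
        path => [ "C:/JWD/Logs/*" ]
        # Read a file from its first line the first time it is seen.
        start_position => beginning
        # How often watched files are checked for modification (the author
        # notes that 1s is the default).
        stat_interval => 1
        #tags => "test"   # optional: attach tags to every event
        # How often the path pattern is re-scanned to discover new files.
        discover_interval => 15
    }
    file {
        type => "log2"
        # Forward slashes for the same reason as above.
        path => [ "C:/JWD/LSDC/*" ]
        start_position => beginning
        stat_interval => 1
        #tags => "test"   # optional: attach tags to every event
        discover_interval => 15
    }
}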

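filter {
    # Parse each log line as JSON and merge its keys into the event.
    json {
        source => "message"
        # remove_field on the json filter is applied only when parsing succeeds.
        # A line that is not valid JSON therefore keeps its raw text (and is
        # tagged _jsonparsefailure) instead of being indexed with the original
        # content stripped.
        remove_field => ["message"]
        # NOTE(review): no `target` is set, so parsed keys land at the event
        # root and overwrite existing fields of the same name. That includes
        # `type`, which the output section uses to choose the index: a log line
        # carrying its own "type" key changes where the event is written. If
        # the log content is not fully trusted, nest it under a dedicated field
        # with `target`, or route on a field the log content cannot set.
    }
#    mutate{
#        add_field => {"test"=>"test"}
#    }
#    mutate{
#		remove_field => ["host","path","message","@timestamp","@version"]
#    }
}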
#https://blog.csdn.net/zhousenshan/article/details/81023857
#https://blog.csdn.net/yelllowcong/article/details/80846752
output {
    # Route by the `type` label set on each file input. An event whose type is
    # neither "log1" nor "log2" matches no branch and is written to stdout only.
    if [type] == "log1" {
        elasticsearch {
            hosts => ["127.0.0.1:9204"]
            index => "ls_%{+YYYYMMdd}_lua_log"
            # NOTE(review): document_type is deprecated in recent versions of
            # this output plugin; confirm it is still accepted by the versions
            # in use.
            document_type => "ls_%{+YYYYMMdd}_lua_log"
            action => "index"
        }
    } else if [type] == "log2" {
        elasticsearch {
            hosts => ["127.0.0.1:9204"]
            index => "ls_%{+YYYYMMdd}_lsdc_log"
            document_type => "ls_%{+YYYYMMdd}_lsdc_log"
            action => "index"
        }
    }

    # Both elasticsearch outputs use a plain, unauthenticated connection, which
    # is only reasonable because the node is on loopback. If `hosts` is ever
    # pointed at a remote node, configure the plugin's user/password and TLS
    # options.

    # Echo every event to the console as JSON (debugging aid).
    stdout {
        codec => json
    }
}

啓動命令:logstash -f analysis.conf   (其中 analysis.conf 爲配置文件的文件名,在 bin 目錄下)
