xuanhao 发表于 2018-10-26 10:59:53

使用Logstash收集MongoDB日志并通过Zabbix报警

# Tail every MongoDB log file and label the events so the filter section
# can select them by type.
input {
  file {
    type => "mongodb"
    # The account running Logstash needs read access to these files.
    path => "/data/app_data/mongodb/log/*.log"
    # /dev/null means the read position is never persisted. After a restart
    # the file input falls back to its start_position (default: "end"), so
    # lines written while Logstash was down are not read and cannot raise an
    # alert. Point this at a real file if gaps in alerting are not acceptable.
    sincedb_path => "/dev/null"
  }
}
  

  
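# Parse MongoDB log lines into fields and tag error lines for Zabbix.
# The three conditionals need their field references ([type], [tags]);
# without them the configuration does not parse.
filter {
  # Only events produced by the file input (type => "mongodb") are handled.
  if [type] == "mongodb" {

    # Main operation line: command, database.collection, statement, duration.
    # mongoStatement captures the query document verbatim, so every output
    # that receives the event also receives whatever data the query carried.
    # NOTE(review): the "\ " after the first GREEDYDATA looks like the
    # remainder of a bracketed token (possibly the [connN] part of the log
    # line) that was lost when the post was published; as written it requires
    # two consecutive spaces. Verify against real log lines.
    grok {
      match => ["message","(?m)%{GREEDYDATA} \ %{WORD:mongoCommand} %{WORD:mongoDatabase}.%{NOTSPACE:mongoCollection} %{WORD}: \{ %{GREEDYDATA:mongoStatement} \} %{GREEDYDATA} %{NUMBER:mongoElapsedTime:int}ms"]
      add_tag => "mongodb"
    }

    # One grok per optional profiling counter. Each one that matches adds
    # the mongo_profiling_data tag; each one that does not match adds
    # _grokparsefailure, which is cleaned up further down.
    grok {
      match => ["message"," cursorid:%{NUMBER:mongoCursorId}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," ntoreturn:%{NUMBER:mongoNumberToReturn:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," ntoskip:%{NUMBER:mongoNumberToSkip:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," nscanned:%{NUMBER:mongoNumberScanned:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," scanAndOrder:%{NUMBER:mongoScanAndOrder:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," idhack:%{NUMBER:mongoIdHack:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," nmoved:%{NUMBER:mongoNumberMoved:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," nupdated:%{NUMBER:mongoNumberUpdated:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," keyUpdates:%{NUMBER:mongoKeyUpdates:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," numYields: %{NUMBER:mongoNumYields:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," locks\(micros\) r:%{NUMBER:mongoReadLocks:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," locks\(micros\) w:%{NUMBER:mongoWriteLocks:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," nreturned:%{NUMBER:mongoNumberReturned:int}"]
      add_tag => "mongo_profiling_data"
    }
    grok {
      match => ["message"," reslen:%{NUMBER:mongoResultLength:int}"]
      add_tag => "mongo_profiling_data"
    }

    # At least one profiling counter was extracted: the failures recorded by
    # the other groks are expected, so clear the failure tag.
    if "mongo_profiling_data" in [tags] {
      mutate {
        remove_tag => "_grokparsefailure"
      }
    }

    # Still tagged as a failure: no profiling counter matched. These are the
    # lines screened for error keywords and routed to Zabbix.
    if "_grokparsefailure" in [tags] {
      # The keyword match is case-sensitive and unanchored.
      # NOTE(review): the legacy grep filter drops events that do not match
      # by default, so other unparsed lines would never reach the outputs,
      # and grep itself is deprecated and absent from later Logstash
      # releases. Confirm both against the Logstash version in use.
      grep {
        match => ["message","(Failed|error|SOCKET)"]
        add_tag => ["zabbix-sender"]
        add_field => [
          "zabbix_host","%{host}",
          "zabbix_item","mongo.error"
#         "send_field","%{message}"
        ]
      }
      mutate {
        remove_tag => "_grokparsefailure"
      }
    }
  }
}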
  

  

  

  

  

  

  
# Every event goes to stdout and to Redis; only events tagged
# "zabbix-sender" go to Zabbix.
output {
  # Debug aid: prints each full event, including captured query statements,
  # to wherever the Logstash process's stdout is collected. Drop it once the
  # pipeline is verified.
  stdout {
    codec => "rubydebug"
  }

  # Alert path, restricted by tag to the error lines selected in the filter.
  # zabbix_sender is a path to a local binary; keep that file and its
  # directory writable only by a trusted account.
  zabbix {
    tags => "zabbix-sender"
    host => "zabbixserver"
    port => "10051"
    zabbix_sender => "/usr/local/zabbix/bin/zabbix_sender"
  }

  # All parsed events are pushed onto the "logstash" list. No password is
  # configured here and the connection is plain TCP, so anyone who can reach
  # this Redis instance can read or inject log events. Set the output's
  # `password` option (with requirepass on the server) and restrict network
  # access to the broker.
  redis {
    host => "10.4.29.162"
    data_type => "list"
    key => "logstash"
  }
}

