friendlessstar 发表于 2019-1-29 10:52:35

Logstash输出日志到elasticsearch

  Logstash配置文件
  # vim useTime.conf
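  # Pipeline: read log lines from stdin, extract the called API and its elapsed
  # time with grok, then print each event and index it into Elasticsearch.
  input {
      # Lines are typed or pasted on the terminal; no "type" is set on the events.
      stdin {}
  }
  filter {
      grok {
        match => {
              # The named captures <API> and <request_time> were missing from the
              # pattern as posted, which left "(?" followed by a literal and an
              # invalid regex. The names are restored from the fields shown in
              # the sample output ("API", "request_time").
              # request_time is captured as a string, as the sample output shows.
              "message" => "\s+(?<API>调用.*(用时|异常)).*useTime=(?<request_time>\d+?)$"
        }
      }
      # The raw "message" (including the internal service URL) is kept on the
      # event and is indexed as well, so read access to the index should be
      # limited to people who are allowed to see those endpoints.
  }
  output {
      # Debug copy of every event on the console.
      stdout {
        codec => rubydebug
      }
      elasticsearch {
        # No user/password or ssl option is set: events are sent unauthenticated
        # and in cleartext over HTTP. Keep port 9200 reachable only from trusted
        # hosts, or enable the plugin's ssl/user/password options when the
        # cluster is secured.
        hosts => ["192.168.81.128:9200"]
        # NOTE(review): the stdin input sets no "type" and the sample events carry
        # no type field, so %{type} is not substituted here or in document_type.
        # Set "type" on the input or use a fixed name.
        index => "logstash-%{type}-%{+YYYY.MM.dd}"
        document_type => "%{type}"
        workers => 1
        # Replaces the index template already stored in Elasticsearch at
        # startup; a customised template of the same name is overwritten.
        template_overwrite => true
      }
  }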
  #
  
  测试对应的日志
   `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
   `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
  
  测试结果
  # /opt/logstash-2.3.4/bin/logstash -f useTime.conf
  Settings: Default pipeline workers: 1
  Pipeline main started
   `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
  {
           "message" => " `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251",
        "@version" =>"1",
        "@timestamp" =>"2016-07-31T01:28:26.910Z",
              "host" =>"0.0.0.0",
               "API" => "调用gz(广州银行)用时",
      "request_time" =>"251"
  }
   `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
  {
           "message" => " `B10005-15` impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510",
        "@version" =>"1",
        "@timestamp" =>"2016-07-31T01:28:47.205Z",
              "host" =>"0.0.0.0",
               "API" => "调用gz(广州银行)异常",
      "request_time" =>"2510"
  }
  查看elasticsearch状态
http://s2.运维网.com/wyfs02/M01/85/37/wKioL1edWInh7i1hAACnMW9xVt8201.png


Over !!


