Logstash grok demo
(1)
/etc/logstash/conf.d]#cat nginx-filter-es.conf
input {
  file {
    start_position => "beginning"
    path => ["/var/log/nginx/access.log*"]
  }
}
filter {
  grok {
    match => {
      "message" => "%{COMMONAPACHELOG}"
    }
  }
  date {
    match => [
      # "28/May/2023:16:46:15 +0800"
      "timestamp", "dd/MMM/yyyy:HH:mm:ss Z"
    ]
    target => "baimei-timestamp"
  }
}
output {
  elasticsearch {
    hosts => ["10.0.0.111:19200","10.0.0.112:19200","10.0.0.113:19200"]
    index => "baimei-nginx-access-%{+yyyy.MM.dd}"
  }
  stdout {
    codec => rubydebug
  }
}
Note: while testing, first enable this debug output and check the parsed events, and only then write to ES:
  stdout {
    codec => rubydebug
  }
Run:
logstash -rf /etc/logstash/conf.d/nginx-filter-es.conf
2 Custom grok pattern example
https://www.elastic.co/guide/en/logstash/7.17/plugins-filters-grok.html
Let's start with a test. Suppose our text file contains this one line of data:
wlecom to baimei class32 , 2023
We need to write a pattern-definition file. It lives under this directory:
Contents of the pattern file test.patterns:
SCHOOL [a-z]{9}
CLASS [0-9a-z]{7}
YEAR [\d]{4}
[root@baimeidashu-elk113 /etc/logstash/conf.d]#cat grokdemo.conf
input {
  file {
    start_position => "beginning"
    path => ["/tmp/haha.log"]
  }
}
filter {
  # Match arbitrary text against regular expressions
  grok {
    # Directory holding the custom pattern definitions
    patterns_dir => ["./patterns/"]
    match => {
      "message" => "welcome to %{YEAR:year}"
      #"message" => "welcome to %{SCHOOL:school}"
    }
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
Start:
logstash -rf /etc/logstash/conf.d/grokdemo.conf --path.data /tmp/d2
Normal parsing looks like this:
Note: I keep running into problems here; I'll sort it out later.
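As an added example (not part of the original notes), here is a small Python re-implementation of how grok expands %{NAME:field} references into named regex groups, run against the sample line above with the test.patterns definitions from this page. It shows that the pattern in grokdemo.conf cannot match that line and what a matching pattern and definition would look like; the WORD definition, the loosened SCHOOL definition and FIXED_PATTERN are my own assumptions.

```python
import re

# Constructed to mirror the page's test.patterns, plus grok's built-in WORD
# (assumption: WORD is the stock grok definition \b\w+\b).
PAGE_DEFS = r"""
WORD \b\w+\b
SCHOOL [a-z]{9}
CLASS [0-9a-z]{7}
YEAR [\d]{4}
"""
# Same definitions with SCHOOL loosened so that "baimei" (6 letters) can match.
FIXED_DEFS = PAGE_DEFS.replace("SCHOOL [a-z]{9}", "SCHOOL [a-z]+")

# The sample line from the page's text file, reproduced as-is (note "wlecom").
SAMPLE_LINE = "wlecom to baimei class32 , 2023"
PAGE_PATTERN = "welcome to %{YEAR:year}"
# A pattern that accounts for every token on the line (my construction).
FIXED_PATTERN = "%{WORD} to %{SCHOOL:school} %{CLASS:class} , %{YEAR:year}"

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}

def load_patterns(text):
    """Parse 'NAME regex' lines, as laid out in a Logstash patterns_dir file."""
    defs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, regex = line.partition(" ")
            defs[name] = regex
    return defs

def compile_grok(pattern, defs):
    """Expand %{NAME:field} references (recursively) into named regex groups."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK_REF.sub(expand, defs[name])  # definitions may reference others
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(GROK_REF.sub(expand, pattern))

def grok_match(pattern, line, defs_text):
    """Unanchored match, like Logstash grok; returns captured fields or None."""
    m = compile_grok(pattern, load_patterns(defs_text)).search(line)
    return m.groupdict() if m else None

if __name__ == "__main__":
    print(grok_match(PAGE_PATTERN, SAMPLE_LINE, PAGE_DEFS))    # None: line has no "welcome to"
    print(grok_match(FIXED_PATTERN, SAMPLE_LINE, PAGE_DEFS))   # None: SCHOOL demands 9 letters
    print(grok_match(FIXED_PATTERN, SAMPLE_LINE, FIXED_DEFS))  # school/class/year captured
```

The same three checks can be made in Logstash itself by swapping the match string and the SCHOOL line in test.patterns and watching the rubydebug output for a _grokparsefailure tag.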