
Sending Logstash output to Elasticsearch

Logstash configuration file

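<code>[root@test ~]# vim useTime.conf</code>

<code>input {</code>

<code>    # Read test events from standard input</code>

<code>    stdin{}</code>

<code>}</code>

<code>filter {</code>

<code>    grok {</code>

<code>        # Capture the call description as "API" and the elapsed time as "request_time"</code>

<code>        match =&gt; {</code>

<code>            "message" =&gt; "\s+(?&lt;API&gt;調用.*(用時|異常)).*useTime=(?&lt;request_time&gt;\d+?)$"</code>

<code>        }</code>

<code>    }</code>

<code>}</code>

<code>output {</code>

<code>    # Print each parsed event to the console</code>

<code>    stdout{</code>

<code>        codec =&gt; rubydebug</code>

<code>    }</code>

<code>    elasticsearch {</code>

<code>        hosts =&gt; ["192.168.81.128:9200"]</code>

<code>        # The stdin input above sets no "type" field, so %{type} stays literal unless a type is assigned</code>

<code>        index =&gt; "logstash-%{type}-%{+YYYY.MM.dd}"</code>

<code>        document_type =&gt; "%{type}"</code>

<code>        workers =&gt; 1</code>

<code>        template_overwrite =&gt; true</code>

<code>    }</code>

<code>}</code>

<code>[root@test ~]#</code>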

Log lines used for the test

<code>[07/29 00:01:17] [INFO] `B10005-15` impl.GzClientServiceImpl.exec:234 - 調用gz(廣州銀行)用時,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251</code>

<code>[07/29 00:01:17] [INFO] `B10005-15` impl.GzClientServiceImpl.exec:234 - 調用gz(廣州銀行)異常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510</code>

Test results

<code>[root@test ~]# /opt/logstash-2.3.4/bin/logstash -f useTime.conf</code>

<code>Settings: Default pipeline workers: 1</code>

<code>Pipeline main started</code>

<code>{</code>

<code>         "message" =&gt; "[07/29 00:01:17] [INFO] `B10005-15` impl.GzClientServiceImpl.exec:234 - 調用gz(廣州銀行)用時,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251",</code>

<code>        "@version" =&gt; "1",</code>

<code>      "@timestamp" =&gt; "2016-07-31T01:28:26.910Z",</code>

<code>            "host" =&gt; "0.0.0.0",</code>

<code>             "API" =&gt; "調用gz(廣州銀行)用時",</code>

<code>    "request_time" =&gt; "251"</code>

<code>}</code>

<code>{</code>

<code>         "message" =&gt; "[07/29 00:01:17] [INFO] `B10005-15` impl.GzClientServiceImpl.exec:234 - 調用gz(廣州銀行)異常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510",</code>

<code>        "@version" =&gt; "1",</code>

<code>      "@timestamp" =&gt; "2016-07-31T01:28:47.205Z",</code>

<code>            "host" =&gt; "0.0.0.0",</code>

<code>             "API" =&gt; "調用gz(廣州銀行)異常",</code>

<code>    "request_time" =&gt; "2510"</code>

<code>}</code>
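The grok expression above can be checked offline before events reach Elasticsearch. The following is an added example, not code from the original post: it replays the page's regex in Ruby against the two sample lines, a non-matching line, and a line whose URL contains one of the keywords, which shows how the greedy `.*` lets the `API` field run into the URL. `STRICT_PATTERN`, `grok_like`, and the two extra log lines are assumptions constructed for illustration.

```ruby
# encoding: utf-8
# Added example: replays the page's grok regex offline. Grok's (?<name>...)
# captures are Oniguruma syntax, which Ruby's Regexp also uses.

# Regex copied from the grok filter on this page.
PAGE_PATTERN = /\s+(?<API>調用.*(用時|異常)).*useTime=(?<request_time>\d+?)$/

# Assumption (not from the page): a stricter variant that ends the API
# field at the first ",URL=" so later text in the line cannot extend it.
STRICT_PATTERN = /\s-\s(?<API>調用[^,]*?(?:用時|異常)),URL=.*,useTime=(?<request_time>\d+)$/

PREFIX = "[07/29 00:01:17] [INFO] `B10005-15` impl.GzClientServiceImpl.exec:234 - "
SAMPLE_URL = "http://172.31.8.122:7040/corbankexpress/httpAccess"

# The two log lines from the page.
PAGE_LINES = [
  PREFIX + "調用gz(廣州銀行)用時,URL=#{SAMPLE_URL},useTime=251",
  PREFIX + "調用gz(廣州銀行)異常,URL=#{SAMPLE_URL},useTime=2510",
]

# Constructed lines: the URL itself contains 異常; and a line with no useTime.
KEYWORD_IN_URL = PREFIX + "調用gz(廣州銀行)用時,URL=#{SAMPLE_URL}?msg=異常,useTime=251"
NO_USETIME = PREFIX + "調用gz(廣州銀行)用時,URL=#{SAMPLE_URL}"

# Mimics the grok filter: named captures become fields, and a non-matching
# event is tagged _grokparsefailure (Logstash's default failure tag).
def grok_like(pattern, line)
  md = pattern.match(line)
  return { "tags" => ["_grokparsefailure"] } if md.nil?
  { "API" => md[:API], "request_time" => md[:request_time] }
end

if __FILE__ == $PROGRAM_NAME
  (PAGE_LINES + [KEYWORD_IN_URL, NO_USETIME]).each do |line|
    puts "page:   #{grok_like(PAGE_PATTERN, line)}"
    puts "strict: #{grok_like(STRICT_PATTERN, line)}"
  end
end
```

With the page's pattern, the constructed keyword-in-URL line yields an `API` value that includes the URL, so dashboards grouping by `API` would see a new, misleading value; the stricter pattern keeps the field to the call description.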

Check the Elasticsearch status

<a href="http://s2.51cto.com/wyfs02/M01/85/37/wKioL1edWInh7i1hAACnMW9xVt8201.png" target="_blank">Screenshot: Elasticsearch status</a>

<code>Over !!</code>

This article is reposted from cexpert's 51CTO blog. Original link: http://blog.51cto.com/cexpert/1832265
