filebeat.yml配置和logstash.conf

(1)

filebeat.prospectors:

- input_type: log

paths:

- /log/abcbillserver.log

#- /home/haoren/data/filebeat-5.0.2-linux-x86_64/test.log

encoding: gbk

symlinks: true

include_lines: ['\[.*?统计\]','\[.*?结算\]']

document_type: billbijiesuan

fields_under_root: true

fields:

host: 192.168.10.7

processors:

- drop_fields:

#fields: ["beat.hostname", "beat.name", "beat.version", "input_type", "beat"]

fields: ["input_type", "beat", "offset", "source"]

output.redis:

enabled: true

hosts: ["192.168.10.8"]

password: "A8841c09BAD52E63067C4DA"

port: 6379

datatype: list

key: "filebeat"

db: 0

output.file:

enabled: false

path: "/tmp/filebeat"

output.console:

enabled: false

(2)

filebeat.prospectors:

- input_type: log

paths:

- /log/cactivityserver.log

#- /home/haoren/data/filebeat-5.0.2-linux-x86_64/test.log

encoding: gbk

symlinks: true

include_lines: ['\[.*?统计\]','\[.*?结算\]']

document_type: activityserver

fields_under_root: true

fields:

host: 192.168.10.13

- input_type: log

paths:

- /log/fvchannelserver.log

#- /home/haoren/data/filebeat-5.0.2-linux-x86_64/test.log

encoding: gbk

symlinks: true

include_lines: ['\[.*?统计\]','\[.*?结算\]']

document_type: vchannelserver

fields_under_root: true

fields:

host: 192.168.10.13

processors:

- drop_fields:

#fields: ["beat.hostname", "beat.name", "beat.version", "input_type", "beat"]

fields: ["input_type", "beat", "offset", "source"]

output.redis:

enabled: true

hosts: ["192.168.10.8"]

password: "A8841c09BAD52E63067C4DA"

port: 6379

datatype: list

key: "filebeat"

db: 0

output.file:

enabled: false

path: "/tmp/filebeat"

output.console:

enabled: false

logstash.conf 如下

input {

redis {

host => ["192.168.10.8"]

port => 6379

password => "A8841c09BAD52E63067C4DA"

data_type => "list"

key => "logstash"

codec => json {

charset => "UTF-8"

}

filter {

ruby {

code=>"event.set('daytag',event.timestamp.time.localtime.strftime('%Y.%m.%d'))"

}

output {

elasticsearch {

hosts => ["127.0.0.1:19200"]

index => "%{type}-%{daytag}"

#index => "%{type}-%{+yyyy.MM.dd}"

user => "logstashserver"

password => "A950C0FB2D833E42C1AC59210CD5CDF8"

}

cat /home/haoren/data/logstash-5.0.2/billserver.conf

input {
file {
path => "/log/abcbillserver.log"
codec => plain {
charset => "GBK"
}
#start_position => "beginning"
#sincedb_path => "/dev/null"
type => "billserver"
}
}

filter {
if ([message] =~ "人民币统计"){
mutate {replace => { "type" => "dubijiesuan" }}
grok {
#170208-10:00:28 Bill[40268] INFO: [人民币结算]时间(1486519228),用户ID(30581009),原来人民币(12567),现在人民币(16567),人民币操作(1),增加(4000),操作类型(19),操作详情(2),操作数量(0).描述:通用人民币操作
#170208-10:00:01 Bill[40268] INFO: [人民币结算]时间(1486519201),用户ID(22327945),原来人民币(2572),现在人民币(2532),人民币操作(2),扣除(40),操作类型(19),操作详情(15),操作数量(0).描述:通用人民币操作
match => [ "message", "(?(?>\d{6}-\d\d:\d\d:\d\d)) Bill\[\d+\] INFO: \[人民币结算\]时间\(%{NUMBER:time:int}\),用户ID\(%{NUMBER:userid:int}\),原来人民币\(%{NUMBER:oldcoin:int}\),现在人民币\(%{NUMBER:currentcoin:int}\),人民币操作\(%{NUMBER:coinop:int}\),%{DATA:sop}\(%{NUMBER:coinnum:int}\),操作类型\(%{NUMBER:optype:int}\),操作详情\(%{NUMBER:opdetail:int}\),操作数量\(%{NUMBER:opnum:int}\).描述:%{DATA:sinfo}"]
}
}
else{
drop{}
}
date {
match => ["datetime", "yyMMdd-HH:mm:ss"]
#timezone => ["Asia/Hong_Kong"]
#remove_field => ["time"]
}
ruby {
code => "event.timestamp.time.localtime"
}
mutate {
#some pc no host
replace => { "host" => "192.168.10.7" }
}
}

output {
#stdout {
# codec => plain {
# charset => "UTF-8"
# #charset => "GBK"
# }
#}
#file {
# path => "/tmp/logstash.log"
# codec => json {
# charset => "UTF-8"
# }
#}
redis {
host => ["192.168.10.18"]
port => 6379
data_type => "list"
key => "logstash"
password => "A8841c09BAD52E63067C4DA"
codec => json {
charset => "UTF-8"
}
}
}

cat /home/haoren/data/logstash-5.0.2/activityserver.conf

input {
file {
path => "/log/aactivityserver.log"
codec => plain {
charset => "GBK"
}
#start_position => "beginning"
#sincedb_path => "/dev/null"
type => "aactivityserver"
}
}

filter {
if ([message] =~ "运统计"){
mutate {replace => { "type" => "activityescort" }}
grok {
#161201-13:12:28 ActivityServer[17701] INFO: [Escort.cpp:595] [统计]序号(53)用户(23619530)(攻)值(4360)暴击率(4)使用道具(57)本次花费(0)本总花费(0)车原始量(1706792)剩余量(1702432)总值(4360)
match => [ "message", "(?(?>\d{6}-\d\d:\d\d:\d\d)) ActivityServer\[\d+\].*?INFO: \[.*?\] \[运镖统计\]序号\(%{NUMBER:carid:int}\)用户\(%{NUMBER:userid:int}\)\(%{DATA:sop}\).*?\(%{NUMBER:itemvalue:int}\)暴击率\(%{NUMBER:baoji:int}\)使用道具\(%{NUMBER:itemid:int}\)本次花费\(%{NUMBER:coin:int}\)本总花费\(%{NUMBER:allusercoin:int}\)车原始量\(%{NUMBER:oldblood:int}\)剩余量\(%{NUMBER:blood:int}\)总值\(%{NUMBER:allvalue:int}\)"]
}
}
else if ([message] =~ "运通用奖励"){
mutate {replace => { "type" => "activityescort" }}
grok {
#161201-13:15:16 ActivityServer[17701] INFO: [运]序号(54), [运通用奖励] 用户(21772699)奖励方式(0)奖励类型(34)购物车ID(61)数量(16)
match => [ "message", "(?(?>\d{6}-\d\d:\d\d:\d\d)) ActivityServer\[\d+\] INFO: \[运\]序号\(%{NUMBER:carid:int}\), \[运通用奖励\] 用户\(%{NUMBER:userid:int}\)奖励方式\(%{NUMBER:method:int}\)奖励类型\(%{NUMBER:addtype:int}\)包裹ID\(%{NUMBER:itemid:int}\)数量\(%{NUMBER:num:int}\)"]
}
}
else{
drop{}
}
date {
match => ["datetime", "yyMMdd-HH:mm:ss"]
#timezone => ["Asia/Hong_Kong"]
#remove_field => ["time"]
}
ruby {
code => "event.timestamp.time.localtime"
}
mutate {
#some pc no host
replace => { "host" => "192.168.10.13" }
}
}

output {
#stdout {
# codec => plain {
# charset => "UTF-8"
# #charset => "GBK"
# }
#}
#file {
# path => "/tmp/logstash.log"
# codec => json {
# charset => "UTF-8"
# }
#}
redis {
host => ["192.168.10.8"]
port => 6379
data_type => "list"
key => "logstash"
password => "A8841c09BAD52E63067C4DA"
codec => json {
charset => "UTF-8"
}
}
}

cat /home/haoren/data/filebeat-5.0.2-linux-x86_64/filebeat.yml

filebeat.prospectors:
- input_type: log
paths:
- /log/billserver.log
#- /home/haoren/data/filebeat-5.0.2-linux-x86_64/test.log
encoding: gbk
symlinks: true
include_lines: ['\[.*?统计\]','\[.*?结算\]']
document_type: billserver
fields_under_root: true
fields:
host: 192.168.10.7

processors:
- drop_fields:
#fields: ["beat.hostname", "beat.name", "beat.version", "input_type", "beat"]
fields: ["input_type", "beat", "offset", "source"]

output.redis:
enabled: true
hosts: ["192.168.10.18"]
password: "A8841c09BAD52E63067C4DA"
port: 6379
datatype: list
key: "filebeat"
db: 0

output.file:
enabled: false
path: "/tmp/filebeat"

output.console:
enabled: false

本文转自 chengxuyonghu 51CTO博客，原文链接：http://blog.51cto.com/6226001001/1896050，如需转载请自行联系原作者

filebeat.yml配置和logstash.conf相关推荐

使用Filebeat采集日志结合logstash过滤出特定格式的日志至Elasticsearch
使用Filebeat采集日志结合logstash过滤出特定格式的日志文章目录使用Filebeat采集日志结合logstash过滤出特定格式的日志 ELK搭建什么是Filebeat 什么是Logs ...
Logstash 参考指南（使用Filebeat Modules配置示例）
使用Filebeat Modules配置示例本节中的示例展示了如何构建用于解析Filebeat模块收集的数据的Logstash管道: Apache 2日志本例中的Logstash管道配置展示了如何 ...
FileBeat的配置及启动
filebeat配置详解z 转载至 filebeat配置详解 - decq! - 博客园配置主要是通过yml文件进行的,主要参数如下: (1)字段解释 paths:指定要监控的日志,目前按照Go语言 ...
spring boot读取yml配置集合,反射实战!
一 . 手动从spring中获取bean对象,工具类 package com.meeno.wzq.util;import org.springframework.beans.BeansExceptio ...
通过 .gitlab-ci.yml配置任务-官方配置文件翻译
Gitlab CI yaml官方配置文件翻译通过 .gitlab-ci.yml配置任务 [TOC] 来源:https://github.com/Fennay/git... 此文档用于描述.gitla ...
dubbo yml配置_Spring boot 的profile功能如何实现多环境配置自动切换
通常服务端应用开发需要经过以下几个流程: 开发 -> 测试 -> RC验证 -> 上线这就涉及到四个不同的环境,开发环境.测试环境.RC环境以及生产环境,为了避免不同环境之间相互干 ...
配置yml_dctc:生成docker-compose.yml配置的工具
有时候,我们需要想知道docker容器的运行参数.环境变量等配置,以便容器以后被删掉之后,可以重新运行起来.特别是在测试环境,有些容器可能就是一个`docker run`就运行起来了.或者随便找一个目 ...
apache 虚拟主机详细配置：http.conf配置详解
Apache的配置文件http.conf参数含义详解 Apache的配置由httpd.conf文件配置,因此下面的配置指令都是在httpd.conf文件中修改. 主站点的配置(基本配置) (1) 基本 ...
nginx配置多个conf文件
今天整理了下,在centos 7.6 系统下怎么配置多个conf文件. step 1:在nginx.conf文件所在目录新建conf.d目录,即mkdir conf.d,为确保权限能够访问到 chmo ...

filebeat.yml配置和logstash.conf

filebeat.yml配置和logstash.conf相关推荐

最新文章

热门文章