logstash同步文件到es

单文件文本同步到ES

input {
    file {
        path=> [ "C:/JWD/logs/*.log" ]
        #path=> [ "C:/JWD/server/nginx/logs/*.log",
        #    "C:/JWD/server/Debug/log/*.log" ]
        start_position => beginning
        stat_interval => 1 #设置多长时间检测文件是否修改 默认是1s
        #tags => "test" #添加标签
        #设置多长时间扫描目录,发现新文件
        discover_interval => 15
        # 设置监听间隔 各字段含义(从左至右)分、时、天、月、年,全为*默认含义为每分钟都更新
    }
}

filter {
    json{
        source => "message"
    }
    mutate{
        remove_field => ["message"]
        #add_field => {"test"=>"test"}
    }
#    mutate{
#		remove_field => ["host","path","message","@timestamp","@version"]
#    }
}
#https://blog.csdn.net/zhousenshan/article/details/81023857
#https://blog.csdn.net/yelllowcong/article/details/80846752
output {
     elasticsearch {
       action => "index"
       hosts => "127.0.0.1:9200"
       index => "ls_%{+YYYYMMdd}_lua_log"
       document_type => "ls_%{+YYYYMMdd}_lua_log"
     }
     stdout {
       codec => json
     }
}

多文件文本同步到ES

input {
    file {
        type => "log1"
        path=> [ "C:\JWD\Logs/*" ]
        start_position => beginning
        stat_interval => 1 #设置多长时间检测文件是否修改 默认是1s
        #tags => "test" #添加标签
        #设置多长时间扫描目录,发现新文件
        discover_interval => 15
        # 设置监听间隔 各字段含义(从左至右)分、时、天、月、年,全为*默认含义为每分钟都更新
    }
    file {
        type => "log2"
        path=> [ "C:\JWD\LSDC/*" ]   
        start_position => beginning
        stat_interval => 1 #设置多长时间检测文件是否修改 默认是1s
        #tags => "test" #添加标签
        #设置多长时间扫描目录,发现新文件
        discover_interval => 15
        # 设置监听间隔 各字段含义(从左至右)分、时、天、月、年,全为*默认含义为每分钟都更新
    }
}

filter {
    json{
        source => "message"
    }
    mutate{
        remove_field => ["message"]
        #add_field => {"test"=>"test"}
    }
#    mutate{
#		remove_field => ["host","path","message","@timestamp","@version"]
#    }
}
#https://blog.csdn.net/zhousenshan/article/details/81023857
#https://blog.csdn.net/yelllowcong/article/details/80846752
output {
     if [type] == "log1"{
        elasticsearch {
        action => "index"
        hosts => "127.0.0.1:9204"
        index => "ls_%{+YYYYMMdd}_lua_log"
        document_type => "ls_%{+YYYYMMdd}_lua_log"
        }
     }
     if [type] == "log2"{
        elasticsearch {
        action => "index"
        hosts => "127.0.0.1:9204"
        index => "ls_%{+YYYYMMdd}_lsdc_log"
        document_type => "ls_%{+YYYYMMdd}_lsdc_log"
        }
     }
     stdout {
       codec => json
     }
}

启动代码:logstash -f analysis.conf   (其中analysis.conf问配置文件的文件名,在bin目录下)

版权声明:本文为qq_41889087原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。