Logstash配置文件
[root@test ~]# vim useTime.conf
# Pipeline: read log lines from stdin, extract the API label and the elapsed
# time from each line with grok, then print the event and index it into
# Elasticsearch.
input {
  # Events are read line by line from standard input. No "type" field is
  # assigned here.
  stdin {}
}

filter {
  grok {
    # API          - text from "调用" through "用时" or "异常"
    # request_time - the digits after "useTime=" that run to the end of the line
    # Named captures are stored as strings (the sample output on this page shows
    # "251" in quotes), so range queries or averages on request_time need a
    # numeric conversion first.
    # NOTE(review): a line that does not match is not dropped; grok tags it
    # "_grokparsefailure" by default and it still reaches both outputs.
    match => {
      "message" => "\s+(?<API>调用.*(用时|异常)).*useTime=(?<request_time>\d+?)$"
    }
  }
}

output {
  # Console copy of every event, pretty-printed for debugging.
  stdout {
    codec => rubydebug
  }

  elasticsearch {
    # NOTE(review): no user/password and no ssl/cacert options are set in this
    # block, so as written events are sent without credentials or transport
    # encryption. The whole "message" is indexed, including the internal service
    # URL in each log line. Restrict who can reach port 9200, or enable
    # authentication and TLS, before using this outside a lab.
    hosts => ["192.168.81.128:9200"]

    # NOTE(review): nothing in this file sets "type", and the sample events on
    # this page carry no such field. An unresolved %{type} reference is left as
    # literal text, so the index name and document type would contain the string
    # "%{type}". Set type on the input or use a fixed name.
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
    document_type => "%{type}"

    # Single output worker.
    workers => 1

    # Lets the plugin replace an index template already stored in Elasticsearch
    # under its template name. Presumably intended for the default template, as
    # no template file is given here; confirm this will not clobber a template
    # managed by someone else.
    template_overwrite => true
  }
}
[root@test~]#
测试对应的日志
[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
测试结果
[root@test~]# /opt/logstash-2.3.4/bin/logstash -f useTime.conf
Settings: Default pipeline workers: 1
Pipeline main started
[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
{
"message" => "[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251",
"@version" =>"1",
"@timestamp" =>"2016-07-31T01:28:26.910Z",
"host" =>"0.0.0.0",
"API" => "调用gz(广州银行)用时",
"request_time" =>"251"
}
[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
{
"message" => "[07/2900:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510",
"@version" =>"1",
"@timestamp" =>"2016-07-31T01:28:47.205Z",
"host" =>"0.0.0.0",
"API" => "调用gz(广州银行)异常",
"request_time" =>"2510"
}
查看elasticsearch状态
Over !!
本文出自 “cexpert” 博客,请务必保留此出处http://cexpert.blog.51cto.com/5251990/1832265