logstash 的 配置文件

时间:2024-06-04 18:02:56
[root@--- etc]# cat test_front_console.conf
input {
beats {
type => beats
port =>
}
}
filter {
if [type] == 'test-front' {
multiline {
pattern => ".*##.*"
negate => true
what => "previous"
}
grok {
patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns"
match => {"message"=>"%{DATA:date} %{LOGLEVEL:LEVEL} %{JAVACLASS:class} %{NOTSPACE:thread} %{NOTSPACE:requestId} %{MSG:msg}"}
remove_field => ['@version']
remove_field => ['message']
remove_field => ['offset']
remove_field => ['source']
remove_field => ['input_type']
remove_field => ['beat']
}
}
if [type] == 'test-esb' {
multiline {
pattern => ".*##.*"
negate => true
what => "previous"
}
grok {
remove_field => ['@version']
remove_field => ['offset']
remove_field => ['source']
remove_field => ['input_type']
remove_field => ['beat']
}
}
} output {
if [type] == 'test-front' {
elasticsearch {
hosts => ["10.19.148.59:9200"]
index => "test-front-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
if [type] == 'test-esb' {
elasticsearch {
hosts => ["10.19.148.59:9200"]
index => "test-esb-%{+YYYY.MM.dd}"
}
}
}

添加下面一个正则表达式

[root@10-19-148-59 patterns]# cat msg
MSG (.|\r|\n)*