logstash过滤配置

input {
redis {
host => "127.0.0.1"
port => 6380
data_type => "list"
key => "phgj-list"
}
}
filter {
if [fields][tag] == "ph130-ingcn01" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-phing" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-route" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-savetask" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-deletetask" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
if [fields][tag] == "ph130-endtime" {
grok {
match => {"message" => "[(?<api_time>%{NOTSPACE}%{SPACE}%{NOTSPACE})]s*<%{NOTSPACE:api_queue}>s*-s*%{NOTSPACE:api_level}s*-s*%{NOTSPACE:api_method}.*"}
}
date {
match => ["api_time", "yyyy/MM/dd HH:mm:ss.SSS"]
target => "@timestamp"
}
}
}
output {
if [fields][tag] == "ph130-ingcn01" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-ingcn01-log"
}
}
if [fields][tag] == "ph130-phing" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-phing-log"
}
}
if [fields][tag] == "ph130-route" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-route-log"
}
}
if [fields][tag] == "ph130-savetask" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-savetask-log"
}
}
if [fields][tag] == "ph130-deletetask" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-deletetask-log"
}
}
if [fields][tag] == "ph130-endtime" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "iisph130-endtime-log"
}
}
}

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/liqing1009/p/8413565.html