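Logstash input plugins
stdin
Input plugin: accepts data piped in, or typed interactively at the terminal.
Common settings:
codec: of type codec
type: a string; a custom type for the event, usable in later conditionals
tags: an array; custom tags for the event, usable in later conditionals
add_field: a hash; adds fields to the event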
input {
  stdin {
    codec => "plain"
    tags => ["test"]
    type => "std"
    add_field => {"key" => "value"}
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
[root@localhost logstash-6.3.1]# echo "test"|./bin/logstash -f config/test.conf
{
      "@version" => "1",
           "key" => "value",
       "message" => "test",
          "type" => "std",
          "tags" => [
        [0] "test"
    ],
          "host" => "localhost",
    "@timestamp" => 2019-03-24T12:20:16.334Z
}
file
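Reads data from files, such as ordinary log files.
Settings:
path => ["/var/log/**/*.log", "/var/log/message"]  # file locations
exclude => "*.gz"  # files that should not be read
sincedb_path => "/var/log/message"  # path of the sincedb record file
start_position => "beginning"  # or "end"; whether to read the file from the beginning
stat_interval => 1000  # in seconds; how often to check whether the file has been updated; default 1s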
input {
  file {
    path => ["/home/elk/logstsh/config/nginx_logs"]
    start_position => "beginning"
    type => "web"
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
{
          "path" => "/home/elk/logstsh/config/nginx_logs",
       "message" => "79.136.114.202 - - [04/Jun/2015:07:06:35 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 334 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.22)\"",
    "@timestamp" => 2019-03-24T12:47:20.900Z,
          "host" => "localhost",
          "type" => "web",
      "@version" => "1"
}
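The type and tags set on an input are what later stages branch on. The following is an added example, not part of the original page, that combines the two inputs above and routes events by type and tags. The sincedb path is an assumed location, and the field names (timestamp, response) are the ones the stock COMBINEDAPACHELOG pattern produces on Logstash 6.x.

```logstash
input {
  stdin {
    type => "std"
    tags => ["test"]
  }
  file {
    path => ["/home/elk/logstsh/config/nginx_logs"]
    start_position => "beginning"
    # Assumed path: a dedicated sincedb file so read offsets survive restarts.
    # start_position only applies to files that have no sincedb entry yet.
    sincedb_path => "/home/elk/logstsh/data/nginx.sincedb"
    type => "web"
  }
}
filter {
  # Only events from the file input carry type "web"
  if [type] == "web" {
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    # Use the request time from the log line as @timestamp
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
    # grok captures the status code as a string
    if [response] == "404" {
      mutate { add_tag => ["not_found"] }
    }
  }
}
output {
  # Test input and unparsed lines are printed in full for inspection
  if "test" in [tags] or "_grokparsefailure" in [tags] {
    stdout { codec => "rubydebug" }
  } else {
    stdout { codec => "json_lines" }
  }
}
```

Lines that do not match the pattern are tagged _grokparsefailure by grok itself, so malformed or unexpected log entries stay visible instead of flowing on with missing fields.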
Elasticsearch