logstash 安装插件multiline
一、安装multiline
在使用elk 传输记录 java 日志时,如下
一个java的报错
在elk中会按每一行 产生多条记录,不方便查阅
这里修改配置文件 使用 multiline 插件 即可实现多行合一的 输出模式
修改配置文件
# vi /etc/logstash/conf.d/logstash.conf
input {
file {
path => "/w_logs/error.log.2018-06-05"
type => "test"
}
}
filter {
multiline {
pattern => "^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}"
negate => true
what => "previous"
}
grok {
match => [ "message", "%{NOTSPACE:day} %{NOTSPACE:datetime} %{NOTSPACE:level} %{GREEDYDATA:msginfo} " ]
}
}
output {
if [type] == "test" {
elasticsearch {
hosts => ["10.10.15.95:9200"]
index => "12.83-test"
}
}
}
修改完 重启logstash
报错:
[ERROR] -- ::59.834 [Ruby--Thread-: /usr/share/logstash/vendor/bundle/jruby/2.3./gems/stud-0.0./lib/stud/task.rb:] registry - Tried to load a plugin's code, but failed.
{:exception=>#<LoadError: no such file to load -- logstash/filters/multiline>, :path=>"logstash/filters/multiline", :type=>"filter", :name=>"multiline"}
[ERROR] -- ::59.838 [Ruby--Thread-: /usr/share/logstash/vendor/bundle/jruby/2.3./gems/stud-0.0./lib/stud/task.rb:] agent -
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::PluginLoadingError", :message=>"Couldn't find any filter plugin named 'multiline'. Are you sure this is correct? Trying to load the multiline filter plugin resulted in this error: no such file to load -- logstash/filters/multiline", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:192:in `lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:140:in `lookup'", "/usr/share/logstash/logstash-core/lib/logs
提示缺少 插件 filters/multiline
我们看看logstash都安装了哪些插件
# /usr/share/logstash/bin/logstash-plugin list
logstash-codec-cef
logstash-codec-collectd
logstash-codec-dots
logstash-codec-edn
logstash-codec-edn_lines
logstash-codec-es_bulk
logstash-codec-fluent
logstash-codec-graphite
logstash-codec-json
logstash-codec-json_lines
logstash-codec-line
logstash-codec-msgpack
logstash-codec-multiline
logstash-codec-netflow
logstash-codec-plain
logstash-codec-rubydebug
logstash-filter-aggregate
logstash-filter-anonymize
logstash-filter-cidr
logstash-filter-clone
logstash-filter-csv
logstash-filter-date
logstash-filter-de_dot
logstash-filter-dissect
logstash-filter-dns
logstash-filter-drop
logstash-filter-elasticsearch
logstash-filter-fingerprint
logstash-filter-geoip
logstash-filter-grok
logstash-filter-jdbc_static
logstash-filter-jdbc_streaming
logstash-filter-json
logstash-filter-kv
logstash-filter-metrics
logstash-filter-mutate
logstash-filter-ruby
logstash-filter-sleep
logstash-filter-split
logstash-filter-syslog_pri
logstash-filter-throttle
logstash-filter-translate
logstash-filter-truncate
logstash-filter-urldecode
logstash-filter-useragent
logstash-filter-xml
logstash-input-beats
logstash-input-dead_letter_queue
logstash-input-elasticsearch
logstash-input-exec
logstash-input-file
logstash-input-ganglia
logstash-input-gelf
logstash-input-generator
logstash-input-graphite
logstash-input-heartbeat
logstash-input-http
logstash-input-http_poller
logstash-input-imap
logstash-input-jdbc
logstash-input-kafka
logstash-input-pipe
logstash-input-rabbitmq
logstash-input-redis
logstash-input-s3
logstash-input-snmptrap
logstash-input-sqs
logstash-input-stdin
logstash-input-syslog
logstash-input-tcp
logstash-input-twitter
logstash-input-udp
logstash-input-unix
logstash-output-cloudwatch
logstash-output-csv
logstash-output-elasticsearch
logstash-output-email
logstash-output-file
logstash-output-graphite
logstash-output-http
logstash-output-kafka
logstash-output-lumberjack
logstash-output-nagios
logstash-output-null
logstash-output-pagerduty
logstash-output-pipe
logstash-output-rabbitmq
logstash-output-redis
logstash-output-s3
logstash-output-sns
logstash-output-sqs
logstash-output-stdout
logstash-output-tcp
logstash-output-udp
logstash-output-webhdfs
logstash-patterns-core
有一个logstash-codec-multiline
并没有我们需要的 logstash-filter-multiline
我们来安装这个插件,先看一下 logstash-plugin 的用法
Usage:
bin/logstash-plugin [OPTIONS] SUBCOMMAND [ARG] ... Parameters:
SUBCOMMAND subcommand
[ARG] ... subcommand arguments Subcommands:
list List all installed Logstash plugins
install Install a Logstash plugin
remove Remove a Logstash plugin
update Update a plugin
pack Package currently installed plugins, Deprecated: Please use prepare-offline-pack instead
unpack Unpack packaged plugins, Deprecated: Please use prepare-offline-pack instead
generate Create the foundation for a new plugin
uninstall Uninstall a plugin. Deprecated: Please use remove instead
prepare-offline-pack Create an archive of specified plugins to use for offline installation Options:
-h, --help print help
安装插件是 # logstash-plugin install logstash-filter-multiline
# logstash-plugin install logstash-filter-multiline
Validating logstash-filter-multiline
Installing logstash-filter-multiline
Installation successfu
二、multiline 使用方法
codec =>multiline {
charset=>... #可选 字符编码
max_bytes=>... #可选 bytes类型 设置最大的字节数
max_lines=>... #可选 number类型 设置最大的行数,默认是500行
multiline_tag... #可选 string类型 设置一个事件标签,默认是multiline
pattern=>... #必选 string类型 设置匹配的正则表达式
patterns_dir=>... #可选 array类型 可以设置多个正则表达式
negate=>... #可选 boolean类型 默认false不显示,可设置ture
what=>... #必选 向前previous , 向后 next
}
## negate 只支持布尔值,true 或者false,默认为false。
如果设置为true,表示与正则表达式(pattern)不匹配的内容都需要整合,
具体整合在前还是在后,看what参数。如果设置为false,即与pattern匹配的内容
## what 前一行 或者后一行,指出上面对应的规则与前一行内容收集为一行,还是与后一行整合在一起
简单来说:
negate默认是 false,不显示
与patten匹配的行
由what决定 向前或向后 匹配
negate 设置为true
则与patten 不匹配的行
由what决定 向前或向后 匹配
logstash 安装插件multiline的更多相关文章
- logstash安装插件修改使用的gem源
gem source -l # 查看当前使用的gem源 gem source --remove https://rubygems.org/ # 移除gem源 gem source -a https:/ ...
- logstash 安装 配置
1.Logstash 安装:在产生日志的服务器上安装 Logstash1.安装java环境 # yum install java-1.8.0-openjdk.x86_642.安装logstash(使用 ...
- logstash常用插件解析
官方地址:https://www.elastic.co/guide/en/logstash-versioned-plugins/current/index.html 配置文件写法: # 日志导入inp ...
- logstash安装及基础入门
Logstash是一款开源的数据收集引擎,具备实时管道处理能力.简单来说,logstash作为数据源与数据存储分析工具之间的桥梁,结合 ElasticSearch以及Kibana,能够极大方便数据的处 ...
- Logstash zabbix 插件
zabbix 监控 logstash 安装社区扩展包wget http://download.elasticsearch.org/logstash/logstash/logstash-contrib- ...
- 第三篇:Logstash 安装配置
Logstash 简介: Logstash 是一个实时数据收集引擎,可收集各类型数据并对其进行分析,过滤和归纳.按照自己条件分析过滤出符合数据导入到可视化界面.Logstash 建议使用java1.8 ...
- Logstash的插件
Logstash的插件: input插件: File:从指定的文件中读取事件流: 使用FileWatch(Ruby Gem库)监听文件的变化. .sincedb:记录了每个被监听的文件的inode, ...
- Logstash过滤插件
filter初级 Logstash安装 ### 设置YUM源 # rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # t ...
- ElasticStack之Logstash安装
服务器环境 操作系统 Host:port node 1 CentOS 7.2.1511 11.1.11.127:9200 node1 2 CentOS 7.2.1511 11.1.11.128:920 ...
随机推荐
- cf 450b 矩阵快速幂(数论取模 一大坑点啊)
Jzzhu has invented a kind of sequences, they meet the following property: You are given x and y, ple ...
- C++数值计算
1.序 (1)程序设计分两种: 1.结构化设计(面向过程)——分解算法为模块,将算法的步骤分解为模块. 2.面向对象程序设计——主要是“类”与“对象”. (2)进制的转换 1.二进制转十进制 整数部分 ...
- [bzoj2186] [洛谷P2155] [Sdoi2008] 沙拉公主的困惑
Description 大富翁国因为通货膨胀,以及假钞泛滥,政府决定推出一项新的政策:现有钞票编号范围为1到N的阶乘,但是,政府只发行编号与M!互质的钞票.房地产第一大户沙拉公主决定预测一下大富翁国现 ...
- [bzoj1297] [洛谷P4159] [SCOI2009] 迷路
Description windy在有向图中迷路了. 该有向图有 N 个节点,windy从节点 0 出发,他必须恰好在 T 时刻到达节点 N-1. 现在给出该有向图,你能告诉windy总共有多少种不同 ...
- 01Java语言基础
[实验任务四]: 1.程序设计思想 根据RandomStr.java,随机生成6位字母,在对话框中输出,用户根据随机生成的验证码对应输入,程序根据用户输入的内容与系统随机生成的验证码字符比较,若相等, ...
- 「 从0到1学习微服务SpringCloud 」11 补充篇 RabbitMq实现延迟消费和延迟重试
Mq的使用中,延迟队列是很多业务都需要用到的,最近我也是刚在项目中用到,就在跟大家讲讲吧. 何为延迟队列? 延迟队列就是进入该队列的消息会被延迟消费的队列.而一般的队列,消息一旦入队了之后就会被消费者 ...
- XSS Cheat Sheet
Basic and advanced exploits for XSS proofs and attacks. Work in progress, bookmark it. Technique Vec ...
- azure 第一弹
- 英语学习app——Alpha发布2
英语学习app--Alpha发布1 这个作业属这个作业属于哪个课程 https://edu.cnblogs.com/campus/xnsy/GeographicInformationScience/ ...
- HTTP负责均衡模块(HTTP Upstream)
这个模块为后端的服务器提供简单的负载均衡(轮询(round-robin)和连接IP(client IP))如下例: upstream backend { server backend1.examp ...