[elk@zjtest7-frontend config]$ cat logstash_agent.conf

input {

        file {

                type => "zj_nginx_access"

                path => ["/rsyslog/data/nginx/zjzc/nginx_access0*_log.*"]

                ignore_older => 87400

        }

       file {

                type => "uat_nginx_access"

                path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]

                ignore_older => 87400

        } 

}

filter {

    grok {

        match => {

            "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""

        }

    }

}

output {

     if [type] == "zj_nginx_access" {

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "zj_nginx:redis"

                port=>"6379"

                password => "1234567"

        }

}

      else if [type] == "uat_nginx_access"{

       redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "uat_nginx:redis"

                port=>"6379"

                password => "1234567"

        }

}

}

indexer.conf:

input {

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "zj_nginx:redis"

                password => "1234567"

                port =>"6379"

        }

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "uat_nginx:redis"

                password => "1234567"

                port =>"6379"

        }

}

output {

      if   [type] == "zj_nginx_access"{

        elasticsearch {

                hosts => "192.168.32.80:9200"

                index => "logstash-zjzc-nginx-%{+YYYY.MM.dd}"

        }

		stdout {

			codec => rubydebug

		}

      }

      else if  [type] == "uat_nginx_access"{

      elasticsearch {

                hosts => "192.168.32.81:9200"

                index => "logstash-uat-nginx-%{+YYYY.MM.dd}"

        }

                stdout {

                        codec => rubydebug

                } 

  }

} 

redis消息里有type字段;

127.0.0.1:6379> LPOP "zj_nginx:redis"

"{\"message\":\" 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:12:58 +0800] \\\"GET / HTTP/1.1\\\" - 200 30626 \\\"-\\\" \\\"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\\\" 0.000 -\",\"@version\":\"1\",\"@timestamp\":\"2016-08-22T14:10:55.846Z\",\"path\":\"/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22\",\"host\":\"0.0.0.0\",

\"type\":\"zj_nginx_access\",\"tags\":[\"_grokparsefailure\"]}"

{

       "message" => " 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:18:58 +0800] \"GET / HTTP/1.1\" - 200 30626 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.000 -",

      "@version" => "1",

    "@timestamp" => "2016-08-22T14:16:55.738Z",

          "path" => "/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22",

          "host" => "0.0.0.0",

          "type" => "zj_nginx_access",

          "tags" => [

        [0] "_grokparsefailure"

    ]

}

{

       "message" => " 121.40.189.90:8001 121.40.189.90 120.26.44.206 [22/Aug/2016:22:14:13 +0800] \"GET / HTTP/1.1\" - 200 30338 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.001 -",

      "@version" => "1",

    "@timestamp" => "2016-08-22T14:17:04.110Z",

          "path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-22",

          "host" => "0.0.0.0",

          "type" => "uat_nginx_access",

          "tags" => [

        [0] "_grokparsefailure"

    ]

}

logstash indexer和shipper的配置的更多相关文章

  1. logstash 自动重新加载配置

    自动重新加载配置 为了可以自动检测配置文件的变动和自动重新加载配置文件,需要在启动的时候使用以下命令: ./bin/lagstash -f configfile.conf --config.reloa ...

  2. 【事件中心 Azure Event Hub】在Linux环境中(Ubuntu)安装Logstash的简易步骤及配置连接到Event Hub

    在文章([事件中心 Azure Event Hub]使用Logstash消费EventHub中的event时遇见的几种异常(TimeoutException, ReceiverDisconnected ...

  3. logstash获取nginx日志的配置

    nginx部分配置直接用json,省去很多麻烦 log_format json '{"@timestamp":"$time_iso8601",' '" ...

  4. logstash中关于Jdbc输入配置选项详解

    Setting Input type Required clean_run boolean No columns_charset hash No connection_retry_attempts n ...

  5. ElasticSearch——Logstash输出到Elasticsearch配置

    位置 在Logstash的.conf配置文件中的output中配置ElasticSearch 示例: output { elasticsearch{ action => "index& ...

  6. logstash安装配置

    vim /usr/local/logstash/etc/hello_search.conf 输入下面: input { stdin { type => "human" }} ...

  7. ELK 架构之 Logstash 和 Filebeat 配置使用(采集过滤)

    相关文章: ELK 架构之 Elasticsearch 和 Kibana 安装配置 ELK 架构之 Logstash 和 Filebeat 安装配置 ELK 使用步骤:Spring Boot 日志输出 ...

  8. logstash 修改配置不重启的方法

    1.修改好yml配置 2.进入logstash 容器内,或服务器上 3.ps -ef | grep logstash 拿到进程号 4.kill -1 <pid> 5.logstash 会重 ...

  9. 第三篇:Logstash 安装配置

    Logstash 简介: Logstash 是一个实时数据收集引擎,可收集各类型数据并对其进行分析,过滤和归纳.按照自己条件分析过滤出符合数据导入到可视化界面.Logstash 建议使用java1.8 ...

随机推荐

  1. 一段phpcurl代码

    $header[] = 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-fl ...

  2. hdu 2966 In case of failure k-d树

    题目链接 给n个点, 求出每个点到离它最近的点的距离. 直接建k-d树然后查询就可以  感觉十分神奇... 明白了算法原理但是感觉代码还不是很懂... #include <bits/stdc++ ...

  3. Nginx 配置指令的执行顺序(二)

    我们前面已经知道,当 set 指令用在 location 配置块中时,都是在当前请求的 rewrite 阶段运行的.事实上,在此上下文中,ngx_rewrite 模块中的几乎全部指令,都运行在 rew ...

  4. placeholder在不同浏览器下的表现及兼容方法 placeholder兼容

    1.什么是placeholder?    placeholder是html5新增的一个属性,当input或者textarea设置了该属性后,该值的内容将作为灰字提示显示在文本框中,当文本框获得焦点(或 ...

  5. 任何时候都适用的20个C++技巧

    这些小技巧之所以特别,是因为这些信息通常吧不能在C++书籍或者网站上找到.比如说,成员指针,即使对于高级程序员也是比较棘手,和易于产生bugs的,是应该尽量避免的问题之一. <翻 by凌云健笔& ...

  6. OSCHina技术导向:开源企业ERP系统Opentaps

    opentaps Open Source ERP + CRM 基于 Apache OFBiz (The Open For Business Project ) 构建, 是一款设计良好, 逐渐流行起来的 ...

  7. linux之SQL语句简明教程---函数

    既然数据库中有许多资料都是已数字的型态存在,一个很重要的用途就是要能够对这些数字做一些运算,例如将它们总合起来,或是找出它们的平均值.SQL 有提供一些这一类的函数.它们是: AVG (平均) COU ...

  8. bug fix: openstack can not run swift for pyeclib and liberasurecode do not match

    最近在使用devstack 安装openstack nimble项目. nimble项目是一个专业的baremetal管理项目. 安装过程中,遇到这个问题. /opt/stack/swift/bin/ ...

  9. centos curl web站点监控实践

    1,监控给定web站点的状态--站点请求返回代码,下载整个web站点页面文本到-o 指定的文本 curl -o /dev/null -s-silent -w--wirte-out "%{ht ...

  10. hdu 5533 Dancing Stars on Me(数学,水)

    Problem Description The sky was brushed clean by the wind and the stars were cold in a black sky. Wh ...