filebeat+logstash配置

一. filebeat.yml的配置

filebeat.prospectors:
- input_type: log
paths:
- /tmp/logs/optimus-activity-api.log
document_type: "czh-uat-activity"
multiline:
pattern: '^\s*("{)'
negate: true
match: after
max_lines: 1000
timeout: 30s
fields:
logsource: uat
logtype: czh-uat-activity

- input_type: log
paths:
- /tmp/logs/optimus-coupon-api.log
document_type: "czh-uat-coupon"
fields:
logsource: uat139.224.146.96
logtype: czh-uat-coupon

- input_type: log
paths:
- /tmp/logs/optimus-bean-api.log
document_type: "czh-uat-bean"
fields:
logsource: uat
logtype: czh-uat-bean

- input_type: log
paths:
- /tmp/logs/optimus-external-api.log
document_type: "czh-uat-external-web"
fields:
logsource: uat
logtype: czh-uat-external-web

- input_type: log
paths:
- /tmp/logs/api-gateway-production.log
document_type: "czh-uat-gateway"
fields:
logsource: uat
logtype: czh-uat-gateway

- input_type: log
paths:
- /tmp/logs/optimus-manage-api.log
document_type: "czh-uat-manage"
fields:
logsource: uat
logtype: czh-uat-manage

- input_type: log
paths:
- /tmp/logs/optimus-order-api.log
document_type: "czh-uat-api-order"
fields:
logsource: uat
logtype: czh-uat-api-order

- input_type: log
paths:
- /tmp/logs/optimus-parent-plus-api.log
document_type: "czh-uat-parent-plus"
fields:
logsource: uat
logtype: czh-uat-parent-plus

- input_type: log
paths:
- /tmp/logs/optimus-user-api.log
document_type: "czh-uat-user-production"
fields:
logsource: uat
logtype: czh-uat-user-production

将采集的日志导入logstash里
output.logstash:
hosts: ["192.168.102.38:5044"]

二. logstash的配置：

1.------input配置--------

input {
beats {
port => 5044
}

}

if [fields][logtype] == "czh-uat-activity" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-coupon" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-bean" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-external-web" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-gateway" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-manage" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-api-order" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-parent-plus" {
json {
source => "message"
target => "data"
}
}

if [fields][logtype] == "czh-uat-user-production" {
json {
source => "message"
target => "data"
}
}

-------output-配置------

if [fields][logtype] == "czh-uat-activity"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]   #将处理后的日志存储到 elasticsearch，多个IP是因为做了集群
index => "czh-uat-activity"   #创建索引
}
}

if [fields][logtype] == "czh-uat-coupon"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-coupon"
}
}

if [fields][logtype] == "czh-uat-bean"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-bean"
}
}

if [fields][logtype] == "czh-uat-external-web"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-external-web"
}
}

if [fields][logtype] == "czh-uat-gateway"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-gateway"
}
}

if [fields][logtype] == "czh-uat-manage"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-manage"
}
}

if [fields][logtype] == "czh-uat-api-order"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-api-order"
}
}

if [fields][logtype] == "czh-uat-parent-plus"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-parent-plus"
}
}

if [fields][logtype] == "czh-uat-user-production"{
elasticsearch {
hosts => ["192.168.102.17:9200","192.168.102.26:9200"]
index => "czh-uat-user-production"
}
}