[elk@zjtest7-frontend config]$ cat logstash_agent.conf

input {

        file {

                type => "zj_nginx_access"

                path => ["/rsyslog/data/nginx/zjzc/nginx_access0*_log.*"]

                ignore_older => 87400

        }

       file {

                type => "uat_nginx_access"

                path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]

                ignore_older => 87400

        } 

}

filter {

    grok {

        match => {

            "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""

        }

    }

}

output {

     if [type] == "zj_nginx_access" {

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "zj_nginx:redis"

                port=>"6379"

                password => "1234567"

        }

}

      else if [type] == "uat_nginx_access"{

       redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "uat_nginx:redis"

                port=>"6379"

                password => "1234567"

        }

}

}

indexer.conf:

input {

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "zj_nginx:redis"

                password => "1234567"

                port =>"6379"

        }

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "uat_nginx:redis"

                password => "1234567"

                port =>"6379"

        }

}

output {

      if   [type] == "zj_nginx_access"{

        elasticsearch {

                hosts => "192.168.32.80:9200"

                index => "logstash-zjzc-nginx-%{+YYYY.MM.dd}"

        }

		stdout {

			codec => rubydebug

		}

      }

      else if  [type] == "uat_nginx_access"{

      elasticsearch {

                hosts => "192.168.32.81:9200"

                index => "logstash-uat-nginx-%{+YYYY.MM.dd}"

        }

                stdout {

                        codec => rubydebug

                } 

  }

} 

redis消息里有type字段;

127.0.0.1:6379> LPOP "zj_nginx:redis"

"{\"message\":\" 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:12:58 +0800] \\\"GET / HTTP/1.1\\\" - 200 30626 \\\"-\\\" \\\"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\\\" 0.000 -\",\"@version\":\"1\",\"@timestamp\":\"2016-08-22T14:10:55.846Z\",\"path\":\"/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22\",\"host\":\"0.0.0.0\",

\"type\":\"zj_nginx_access\",\"tags\":[\"_grokparsefailure\"]}"

{

       "message" => " 120.26.44.206:8001 120.26.44.206 120.26.44.206 [22/Aug/2016:22:18:58 +0800] \"GET / HTTP/1.1\" - 200 30626 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.000 -",

      "@version" => "1",

    "@timestamp" => "2016-08-22T14:16:55.738Z",

          "path" => "/rsyslog/data/nginx/zjzc/nginx_access01_log.2016-08-22",

          "host" => "0.0.0.0",

          "type" => "zj_nginx_access",

          "tags" => [

        [0] "_grokparsefailure"

    ]

}

{

       "message" => " 121.40.189.90:8001 121.40.189.90 120.26.44.206 [22/Aug/2016:22:14:13 +0800] \"GET / HTTP/1.1\" - 200 30338 \"-\" \"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2\" 0.001 -",

      "@version" => "1",

    "@timestamp" => "2016-08-22T14:17:04.110Z",

          "path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-22",

          "host" => "0.0.0.0",

          "type" => "uat_nginx_access",

          "tags" => [

        [0] "_grokparsefailure"

    ]

}

logstash indexer和shipper的配置的更多相关文章

  1. logstash 自动重新加载配置

    自动重新加载配置 为了可以自动检测配置文件的变动和自动重新加载配置文件,需要在启动的时候使用以下命令: ./bin/lagstash -f configfile.conf --config.reloa ...

  2. 【事件中心 Azure Event Hub】在Linux环境中(Ubuntu)安装Logstash的简易步骤及配置连接到Event Hub

    在文章([事件中心 Azure Event Hub]使用Logstash消费EventHub中的event时遇见的几种异常(TimeoutException, ReceiverDisconnected ...

  3. logstash获取nginx日志的配置

    nginx部分配置直接用json,省去很多麻烦 log_format json '{"@timestamp":"$time_iso8601",' '" ...

  4. logstash中关于Jdbc输入配置选项详解

    Setting Input type Required clean_run boolean No columns_charset hash No connection_retry_attempts n ...

  5. ElasticSearch——Logstash输出到Elasticsearch配置

    位置 在Logstash的.conf配置文件中的output中配置ElasticSearch 示例: output { elasticsearch{ action => "index& ...

  6. logstash安装配置

    vim /usr/local/logstash/etc/hello_search.conf 输入下面: input { stdin { type => "human" }} ...

  7. ELK 架构之 Logstash 和 Filebeat 配置使用(采集过滤)

    相关文章: ELK 架构之 Elasticsearch 和 Kibana 安装配置 ELK 架构之 Logstash 和 Filebeat 安装配置 ELK 使用步骤:Spring Boot 日志输出 ...

  8. logstash 修改配置不重启的方法

    1.修改好yml配置 2.进入logstash 容器内,或服务器上 3.ps -ef | grep logstash 拿到进程号 4.kill -1 <pid> 5.logstash 会重 ...

  9. 第三篇:Logstash 安装配置

    Logstash 简介: Logstash 是一个实时数据收集引擎,可收集各类型数据并对其进行分析,过滤和归纳.按照自己条件分析过滤出符合数据导入到可视化界面.Logstash 建议使用java1.8 ...

随机推荐

  1. Azure File SMB3.0文件共享服务(5)

      使用Java管理Azure文件共享服务   Azure文件共享服务提供了多种方式的访问接口,包括Powershell,.Net, Java, Python等等,本章主要介绍如何使用Java来访问A ...

  2. SpringMVC之数据绑定(转)

    到目前为止,请求已经能交给我们的处理器进行处理了,接下来的事情是要进行收集数据啦,接下来我们看看我们能从请求中收集到哪些数据, 1.@RequestParam绑定单个请求参数值: 2.@PathVar ...

  3. X光机的原理及构造

    一.X射线的发现 1895年德国物理学家伦琴(W.C.RÖntgen)在研究阴极射线管中气体放电现象时,用年伦琴荣获物理学第一个诺贝尔奖金.科学总是在不断发展的,经伦琴及各国科学家的反复实践和研究,逐 ...

  4. C++ new和delete实现原理——new和delete最终调用malloc和free

    new和delete最终调用malloc和free,关于malloc和free实现原理参见这篇文章: http://blog.csdn.net/passion_wu128/article/detail ...

  5. 不是技术牛人,如何拿到国内IT巨头的Offer

    原地址:http://blog.csdn.net/lsldd/article/details/13506263 不久前,byvoid面阿里星计划的面试结果截图泄漏,引起无数IT屌丝的羡慕敬仰.看看这些 ...

  6. 国内5款优秀的WEB前端框架

    1. JX(腾讯) 官网地址:http://alloyteam.github.io/JX/#home JX 是一个类似 Google Closure Library 的 Web 前端开发框架,服务于 ...

  7. 电子科大POJ "任意阶矩阵相乘"

    任意阶矩阵的乘法 Time Limit: 3000/1000MS (Java/Others)     Memory Limit: 65535/65535KB (Java/Others) C-sourc ...

  8. 二探ListView

    使用draw9patch 打开内置terminal 输入CD C:\Users\Gaby\AppData\Local\Android\sdk 在该目录下输入draw9patch 导入图片,开始绘制 本 ...

  9. CentOS bridge br0 kvm libvirt-xml

    1,kvm bridge br0配置文件内容实例: ifcfg-em1配置文件内容Example: DEVICE=em1 Bridge=br0 TYPE=Ethernet onboot=yes NM_ ...

  10. Java面向对象知识点精华