logstash

cat /etc/logstash/logstash.yml |grep -v '#'
path.data: /data/logstash/data
pipeline.ordered: auto
path.config: /data/logstash_conf/*.conf
config.reload.automatic: true
config.reload.interval: 3s

log.level: info
path.logs: /var/log/logstash

cat input.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
beats {
port => 5044
}
}

filebeat

[root@pro-bed-10-10-0-120 ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
filebeat.config.prospectors:
enabled: true
path: configs/*.yml
reload.enabled: true
reload.period: 10s
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
reload.period: 10s
output.logstash:
hosts: ["*********:5044"]

cat find_file_logstast.sh
#!/bin/bash
dir=$( find /logs/**/*.log)
for i in $dir
do
# echo $i
a1=${i/\/logs\//}
b1=${a1/\//\-}
c1=${b1/\.log/}
# echo $c1
cd /etc/filebeat/configs
rm -rf ${c1}.yml
#if [ -f ${c1}.yml ];then
#echo "文件存在"
#else
echo "

- type: log
enabled: true
paths:
- $i
tags: "\"$c1\""
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
multiline.timeout: 10s
" > ${c1}.yml
#fi
cd /data/logstash_conf
rm -rf ${c1}.conf
#if [ -f ${c1}.conf ];then
#echo "logstash配置文件存在"
#else
echo "
output {
if "\"${c1}"\" in [tags] {
elasticsearch {
action => "\"index"\"
hosts => ["\"http://***************:9200"\"]
index => "\"${c1}-%{+YYYY-MM-dd}"\"
user => "\"**********"\"
password => "\"**************"\"
}
}
}
" > ${c1}.conf
#fi
done
echo `date`
scp -r /data/logstash_conf/* **************:/data/logstash_conf/

最新文章

  1. Redis系列之key操作命令与Redis中的事务详解(六)
  2. [Asp.net 5] Options-配置文件之后的配置
  3. Java框架重量级,轻量级的问题?
  4. ListView13添加2
  5. DbExpressionBinding requires an input expression with a collection ResultType. 参数名: input
  6. 浪潮之巅IT那点事之三——神奇的规律
  7. [NOIP2016-day1-T2]天天爱跑步running_题解
  8. H5网站借鉴
  9. 【Away3D代码解读】(二):渲染核心流程(简介、实体对象收集)
  10. StackOverFlow的2016统计
  11. Angularjs实现简单分页
  12. FJUTOJ-周赛2016-12-16
  13. docker容器日志收集方案(方案四,目前使用的方案)
  14. 启动tomcat报错com.sun.faces.config.ConfigureListener
  15. LeetCode--No.006 ZigZag Conversion
  16. HDU-5373-水题-卡常数时间
  17. pytorch 中的 split
  18. NHibernate 有好几种数据库查询方式
  19. Docker容器相互访问
  20. 什么是PHP无限级分类

热门文章

  1. Android:ViewModel
  2. 【javascript】slice()、substring()和substr() 三种字符串截取方法区别
  3. 聊一下kafka的消费组
  4. 多资产VAR风险--基于python处理
  5. 【5】java之日期处理类
  6. C++基础复习题(笔试题)
  7. [CSS]隐藏浏览器滚动条
  8. Dockerfile自定义镜像
  9. SpringBoot 自定义启动的logo(即banner)
  10. JVM(二) --- JVM的内存结构