ELK一次错误日志弄到一行
作者:互联网
示例:(只看红色部分即可)
input {
file {
path => ["/opt/logs/normal.log"]
start_position => "beginning"
type => "normal"
}
file {
path => ["/opt/logs/error.log"]
start_position => "beginning"
type => "error"
codec=>multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => previous
}
}
}
output {
if [type] == "hr-yg-error" {
elasticsearch {
hosts => ["192.168.168.121:9200"]
index => "error-%{+YYYY-MM}"
codec => rubydebug
}
}
if [type] == "hr-yg-normal" {
elasticsearch {
hosts => ["192.168.168.121:9200"]
index => "normal-%{+YYYY-MM}"
codec => rubydebug
}
}
}
标签:ELK,normal,rubydebug,一行,codec,192.168,error,日志,type 来源: https://blog.csdn.net/wangwenzhe222/article/details/122808259