Logstash detailed explanation - output module

Others 2022-04-28 02:36:44 views: 0

The output module of Logstash is an output module compared to the input module. The output module integrates a large number of output plug-ins, which can output to the specified file, or output to the specified network port, and of course output data to ES. Here I only introduce how to output to ES, as for how to output to ports and specified files, there are a lot of documentation to find.

elasticsearch{  
    hosts=>["172.132.12.3:9200"]  
    action=>"index"  
    index=>"indextemplate-logstash"  
    #document_type=>"%{@type}"  
    document_id=>"ignore"  
      
    template=>"/opt/logstash-conf/es-template.json"  
    template_name=>"es-template.json"  
    template_overwrite=>true       
    }

 action=>”index” #es Actions to be executed index, delete, create, update
l index: index logstash. time to a document
l delete: delete a document according to id (this action requires an id)
l create: create a document Index the document, if the id exists, the action fails.
l update: update a document according to the id, there is a special case that can upsert--update the document if the document does not already exist. See upsert options.
l A sprintf style string to change the action based on the content of the event. The value %{[foo]} would use the foo field for the action
document_id=>” ” to provide the document id for the index, the same for rewriting elasticsearch The id entry is very useful
document_type=>” ”The document type to which the event is to be written. Generally, similar events should be written to the same type, and %{} can be used to refer to the event type. The default type=log
index=>”logstash-%{+ YYYY,MM.dd}” event to be written into the index, but dynamically with the %{foo} statement
hosts=>[“127.0.0.0”] ["127.0.0.1:9200","127.0.0.2:9200" ] "https://127.0.0.1:9200"
manage_template=>true A default es mapping template will be enabled (unless set to false to use your own template)
template=>”” Valid filepath Set your own template file path, if not set, use the existing
template_name=>”logstash” A problem that needs to be paid attention to in the name of the internal template of es
is that document_id should be as unique as possible, which will solve the problem of duplication of ES data that you are about to face, remember!

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326013025&siteId=291194637
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com