Using Filebeat to send collected logs to Redis: the effect of the fields settings

Environment:
Linux host, CentOS 7
OpenResty 1.15.8 is installed and generates the access logs
Filebeat 7.3 is installed and collects the OpenResty logs
Redis 5.0.5 is installed and receives the logs sent by Filebeat

  1. filebeat.yml configuration
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/openresty/nginx/logs/host.access.log
  fields:
    log_source: messages
  fields_under_root: true

output.redis:
  hosts: ["192.168.0.142:6379"]
  key: nginx_log
  password: foobar2000
  db: 0

The effect of the following parameters

  fields:
    log_source: messages
  fields_under_root: true

The fields option adds a field to every log event that Filebeat collects, here log_source with the value messages. When the logs are output to Elasticsearch, Logstash uses this field to determine the log source so that the corresponding index can be created.
If fields_under_root is set to true, the new field is a top-level field of the event. Viewed in Redis, the effect is as follows:

With the field at the top level, the output to Elasticsearch is written as follows:

output {
  # Determine the log source from one of the fields in each entry of the list stored under the Redis key messages_secure
  if [log_source] == 'messages' {  # note how the condition is written
    elasticsearch {
      hosts => ["http://192.168.80.104:9200"]
      index => "filebeat-message-%{+YYYY.MM.dd}"
      #user => "elastic"
      #password => "elastic123"
    }
  }
} 

If fields_under_root is set to false, the new field is a second-level field nested under the top-level fields field. Viewed in Redis, the effect is as follows:

With the field at the second level, the output to Elasticsearch is written as follows:

output {
  # Determine the log source from one of the fields in each entry of the list stored under the Redis key messages_secure
  if [fields][log_source] == 'messages' {  # note how the condition is written
    elasticsearch {
      hosts => ["http://192.168.80.104:9200"]
      index => "filebeat-message-%{+YYYY.MM.dd}"
      #user => "elastic"
      #password => "elastic123"
    }
  }
} 
  2. If the logs of several applications are to be output to Redis, just add another - type: log section under filebeat.inputs:, as follows:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/openresty/nginx/logs/host.access.log # assumed log path of application 1
  fields:
    log_source: messages # used by Logstash to determine the log source

### added ###
- type: log
  enabled: true
  paths:
    - /usr/local/openresty/nginx/logs/error.log  # assumed log path of application 2
  fields:
    log_source: secure
### added ###


output.redis:
  hosts: ["192.168.80.107:6379"]
  key: messages_secure 
  password: foobar2000 
  db: 0
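
As an added example (not code from the original post), the Python below parses entries as they would sit in the Redis list and resolves log_source in both layouts, reporting which Logstash condition, [log_source] or [fields][log_source], would match. The sample events and the filebeat-secure- index prefix are constructed for illustration; unlike each Logstash condition above, the function accepts either layout.

```python
import json
from datetime import datetime, timezone

# Index prefix per log_source value. "messages" matches the page's Logstash
# output; the "secure" prefix is an assumption made for this example.
INDEX_PREFIX = {"messages": "filebeat-message-", "secure": "filebeat-secure-"}


def log_source(event):
    """Return (value, matching condition) for the custom field, or (None, None)."""
    if "log_source" in event:                       # fields_under_root: true
        return event["log_source"], "[log_source]"
    nested = event.get("fields")
    if isinstance(nested, dict) and "log_source" in nested:  # fields_under_root: false
        return nested["log_source"], "[fields][log_source]"
    return None, None


def index_for(raw):
    """Map one JSON entry from the Redis list to an Elasticsearch index name.

    Returns None when nothing matches, as with a Logstash output that has
    only `if` blocks and no else branch: the event is indexed nowhere.
    """
    event = json.loads(raw)
    value, _ = log_source(event)
    prefix = INDEX_PREFIX.get(value)
    if prefix is None:
        return None
    # %{+YYYY.MM.dd} is rendered from the event's @timestamp, in UTC.
    ts = datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return prefix + ts.replace(tzinfo=timezone.utc).strftime("%Y.%m.%d")


# Constructed sample entries (not captured from a real Redis instance).
TOP_LEVEL = json.dumps({"@timestamp": "2019-08-28T02:15:04.123Z",
                        "message": "GET / 200", "log_source": "messages"})
NESTED = json.dumps({"@timestamp": "2019-08-28T23:59:59.000Z",
                     "message": "upstream timed out",
                     "fields": {"log_source": "secure"}})
UNTAGGED = json.dumps({"@timestamp": "2019-08-28T02:15:04.123Z",
                       "message": "no custom field"})

if __name__ == "__main__":
    for raw in (TOP_LEVEL, NESTED, UNTAGGED):
        print(log_source(json.loads(raw)), "->", index_for(raw))
```

An entry without log_source comes back as None, which is the case to watch for when an input section is added without its fields block.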

Origin www.cnblogs.com/sanduzxcvbnm/p/11422928.html