,
安装目录:/opt/Logstash/,
#,vim /opt/Logstash/bin/logstash
LS_HEAP_SIZE=500 m
LS_JAVA_OPTS=" -server - xmx200m "
input {,
,,,file {,
,,,,,,,type =祝辞,“错误日志”,#,指定类型,用于以后判断操作,
,,,,,,,path =祝辞,“/tmp/test.log”, #,文件路径,
,,,,,,,start_position =祝辞,“开始”,#,文件开始位置,
,,,,,,,codec =祝辞,multiline {#大敌;使用多行匹配方式进行过滤,
,,,,,,,,,,,pattern =祝辞,“^ \ d{4}”, #,以4个数字开头的为第一行,,
,,,,,,,,,,,negate =祝辞,true #,所有不以4个数字开头的,均归于上一行(下面什么配置),
,,,,,,,,,,,what =祝辞,“之前”,
,,,,,,,}
,,,},
}
filter {
,,,grok {,,,
,,,,,,,match =祝辞,{,,,,,,,,
,,,,,,,,,,,的信息:\ s + \ n。*代码:(? & lt; Code> \ d +)。*信息:(? & lt; Message> +)。\ n . *文件:(? & lt; File> +)。\ n。*线:(? & lt; Line> \ s + \ d +)。*”,,,, #,对于匹配规则,还是要针对自己场景自己写,,,,},,,,,,,add_tag =祝辞,(,“zabbix-sender”),, #,添加一个标签,,,,add_field =祝辞,(,,,,,,,,,,,,,,,,,#,设定剂主机的主机名和关键的映射,,,,,,,,“zabbix_host”,“web01”,,,,,, #,主机名,,,,,,,,“zabbix_key”,“logstash”,,,, #,添加项时,设定的键名称,,,,)},,,,if “_grokparsefailure”,[标记]拷贝,{,,,,,,,,,#,如果过滤报错,那么移除报错标签,不进行其他处理,,,,,,,,mutate {,,,,,,,,,,, remove_tag =祝辞,“_grokparsefailure”,,,,,,,,},,,,}
}
output {, #输出配置,
,,,stdout {, #测试时可以开启终端输出,
,,,,,,,codec =祝辞,rubydebug
,,,,,,,# codec =祝辞,json #,可以选择json格式的输出还是rubydebug格式的输出,
,,,},
,,,zabbix {, #发送给zabbix的配置,
,,,,,,,zabbix_host =祝辞,“zabbix_host”, #, zabbix_host指上面映射的主机,不能用ip
,,,,,,,zabbix_key =祝辞,“zabbix_key”, #, zabbix_key指上面映射的关键,意思就
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,是发送给某主机的某键,值为zabbix_value
,,,,,,,zabbix_server_host =祝辞,“192.168.1.229”,#,zabbix server
,,,,,,,zabbix_server_port =祝辞,“10051”,#,zabbix server port 默认为10051,
,,,,,,,zabbix_value =祝辞,“消息”,#,要发送的键值,
,,,},
null
