,
强>
安装目录:/opt/Logstash/,
#,vim /opt/Logstash/bin/logstash LS_HEAP_SIZE=500 m LS_JAVA_OPTS=" -server - xmx200m "
input {, ,,,file {, ,,,,,,,type =祝辞,“错误日志”,#,指定类型,用于以后判断操作, ,,,,,,,path =祝辞,“/tmp/test.log”, #,文件路径, ,,,,,,,start_position =祝辞,“开始”,#,文件开始位置, ,,,,,,,codec =祝辞,multiline {#大敌;使用多行匹配方式进行过滤, ,,,,,,,,,,,pattern =祝辞,“^ \ d{4}”, #,以4个数字开头的为第一行,, ,,,,,,,,,,,negate =祝辞,true #,所有不以4个数字开头的,均归于上一行(下面什么配置), ,,,,,,,,,,,what =祝辞,“之前”, ,,,,,,,} ,,,}, } filter { ,,,grok {,,, ,,,,,,,match =祝辞,{,,,,,,,, ,,,,,,,,,,,的信息:\ s + \ n。*代码:(? & lt; Code> \ d +)。*信息:(? & lt; Message> +)。\ n . *文件:(? & lt; File> +)。\ n。*线:(? & lt; Line> \ s + \ d +)。*”,,,, #,对于匹配规则,还是要针对自己场景自己写,,,,},,,,,,,add_tag =祝辞,(,“zabbix-sender”),, #,添加一个标签,,,,add_field =祝辞,(,,,,,,,,,,,,,,,,,#,设定剂主机的主机名和关键的映射,,,,,,,,“zabbix_host”,“web01”,,,,,, #,主机名,,,,,,,,“zabbix_key”,“logstash”,,,, #,添加项时,设定的键名称,,,,)},,,,if “_grokparsefailure”,[标记]拷贝,{,,,,,,,,,#,如果过滤报错,那么移除报错标签,不进行其他处理,,,,,,,,mutate {,,,,,,,,,,, remove_tag =祝辞,“_grokparsefailure”,,,,,,,,},,,,} } output {, #输出配置, ,,,stdout {, #测试时可以开启终端输出, ,,,,,,,codec =祝辞,rubydebug ,,,,,,,# codec =祝辞,json #,可以选择json格式的输出还是rubydebug格式的输出, ,,,}, ,,,zabbix {, #发送给zabbix的配置, ,,,,,,,zabbix_host =祝辞,“zabbix_host”, #, zabbix_host指上面映射的主机,不能用ip ,,,,,,,zabbix_key =祝辞,“zabbix_key”, #, zabbix_key指上面映射的关键,意思就 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,是发送给某主机的某键,值为zabbix_value ,,,,,,,zabbix_server_host =祝辞,“192.168.1.229”,#,zabbix server ,,,,,,,zabbix_server_port =祝辞,“10051”,#,zabbix server port 默认为10051, ,,,,,,,zabbix_value =祝辞,“消息”,#,要发送的键值, ,,,}, nullLogstash整合zabbix过滤Nginx错误日志并进行报的警