1
ELK高级配置之多应用索引过滤
source link: https://blog.51cto.com/u_15867943/5992028
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
ELK高级配置之多应用索引过滤
精选 原创我们在实际的场景中,经常是多个网站或者服务端在一台服务器上,但是如果这些应用全部
记录到一台logstash服务器,大家日志都混在一起不好区分。
有人说,我可以在日志中打项目名,但是这样并不方便。
其实,我们可以在索引上做文章。
配置如下:
input {
file {
path => ["/Users/KG/Documents/logs/app-a/*.log"]
type => "app-a"
}
file {
path => ["/Users/KG/Documents/logs/app-b/*.log"]
type => "app-b"
}
}
file {
path => ["/Users/KG/Documents/logs/app-a/*.log"]
type => "app-a"
}
file {
path => ["/Users/KG/Documents/logs/app-b/*.log"]
type => "app-b"
}
}
output {
stdout {
codec => rubydebug
}
if [type] == "app-a" {
elasticsearch {
hosts => "你的elastic服务器地址:9200"
index => "app-a-%{+YYYY.MM.dd}"
document_type => "log4j_type"
}
}
else if [type] == "app-b" {
elasticsearch {
hosts => "你的elastic服务器地址:9200"
index => "app-b-%{+YYYY.MM.dd}"
document_type => "log4j_type"
}
}
}
stdout {
codec => rubydebug
}
if [type] == "app-a" {
elasticsearch {
hosts => "你的elastic服务器地址:9200"
index => "app-a-%{+YYYY.MM.dd}"
document_type => "log4j_type"
}
}
else if [type] == "app-b" {
elasticsearch {
hosts => "你的elastic服务器地址:9200"
index => "app-b-%{+YYYY.MM.dd}"
document_type => "log4j_type"
}
}
}
从上面的代码可以看出,我们配置了2个索引app-a表示应用A, 而app-b表示应用B。
我们利用了type和path属性,然后对不同路径的日志进行监控,将输入定向到不同的索引。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK