绊脚石乃是进身之阶。

filebeat如何把日志日志内容输入redis,又如何取出呢?我的日志无法输入到redis

Logstash | 作者 ktpktr0 | 发布于2017年08月18日 | 阅读数:7553

下面是我配置文件:
1、filebeat:
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/message.log
  document_type: linux
- input_type: log
  paths:
    - /var/log/httpd/access_log 
  document_type: api
  hosts: ["192.168.1.3:9200"]
output.logstash:
  hosts: ["192.168.1.3:5044"]
  ssl.certificate: "/etc/pki/tls/certs/logstash-forwarder.crt"
  ssl.key: "/etc/pki/tls/private/logstash-forwarder.key"
 
 
这里是logstash配置文件:
1、logstash-5.5.1/conf/redis-input.con
 
input {
 beats {
    port => "5043"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
 }
}
output {
   redis {
        host => "192.168.1.3"
        port => 6379
        data_type => "list"
        key => "logstash:redis"
        password => "123456"
    }
    stdout { codec => rubydebug }
}
 
 
2、logstash-5.5.1/conf/redis-output.conf
 
input {
    redis {
        data_type => "list"
        key => "logstash:redis"
        host => "192.168.1.3"
        port => 6379
        password => "123456"
    }
}
output {
    if[type] =="linux"{
     elasticsearch {
        hosts => [ "192.168.1.3:9200" ]
    index => "linux-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
        flush_size => 20000
        idle_flush_time => 10
        template_overwrite => true
    }
   }else if[type] =="api"{
     elasticsearch {
        hosts => [ "192.168.1.3:9200" ]
        index => "api-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
        flush_size => 20000
        idle_flush_time => 10
        template_overwrite => true
    }
   }
    
  stdout { codec => rubydebug }
}
 
 
配置文件成功启动没有问题:
但redis上查看是没有日志过来的
127.0.0.1:6379> auth 123456
OK
127.0.0.1:6379> llen "linux"
(integer) 0
127.0.0.1:6379> llen "api"
(integer) 0
127.0.0.1:6379> 
 
已邀请:

要回复问题请先登录注册