filebeat 的日志一直在输出。
logstash日志一直没有
filebeat 的 设置
--------------------------------------------------------------------------------------------------
filebeat.prospectors:
- type: log
enabled: false
paths :
- /home/weblogic/Oracle/Middleware/user_projects/domains/7001/servers/AdminServer/car3glogs/login/*.log
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
setup.kibana:
output.logstash:
# The Logstash hosts
hosts: ["10.2.118.67:5044"]
--------------------------------------------------------------------------------------
logstash的设置
--------------------------------------------------------------------------------------
input {
#监听端口,filebeat传输日志
beats {
port => 5044
}
}
filter {
#去除换行符
mutate{
gsub => [ "message", "\r", "" ]
}
#分割
mutate{
split => ["message","|"]
add_field => {
"LoginDate" => "%{[message][0]}"
"Level" => "%{[message][1]}"
"Method" => "%{[message][2]}"
"UserCode" => "%{[message][3]}"
"UserName" => "%{[message][4]}"
"IP" => "%{[message][5]}"
}
remove_field => "message"
split => ["Computer",":"]
add_field => {
"IP" => "%{[Computer][0]}"
"ComputerName" => "%{[Computer][1]}"
}
remove_field => "Computer"
}
date {
match => [ "LoginDate", "yyyy-MM-dd HH:mm:ss,SSS" ]
}
}
output {
# 输出进行格式化,采用Ruby库来解析日志
stdout {
codec => rubydebug
}
}
logstash日志一直没有
filebeat 的 设置
--------------------------------------------------------------------------------------------------
filebeat.prospectors:
- type: log
enabled: false
paths :
- /home/weblogic/Oracle/Middleware/user_projects/domains/7001/servers/AdminServer/car3glogs/login/*.log
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
setup.kibana:
output.logstash:
# The Logstash hosts
hosts: ["10.2.118.67:5044"]
--------------------------------------------------------------------------------------
logstash的设置
--------------------------------------------------------------------------------------
input {
#监听端口,filebeat传输日志
beats {
port => 5044
}
}
filter {
#去除换行符
mutate{
gsub => [ "message", "\r", "" ]
}
#分割
mutate{
split => ["message","|"]
add_field => {
"LoginDate" => "%{[message][0]}"
"Level" => "%{[message][1]}"
"Method" => "%{[message][2]}"
"UserCode" => "%{[message][3]}"
"UserName" => "%{[message][4]}"
"IP" => "%{[message][5]}"
}
remove_field => "message"
split => ["Computer",":"]
add_field => {
"IP" => "%{[Computer][0]}"
"ComputerName" => "%{[Computer][1]}"
}
remove_field => "Computer"
}
date {
match => [ "LoginDate", "yyyy-MM-dd HH:mm:ss,SSS" ]
}
}
output {
# 输出进行格式化,采用Ruby库来解析日志
stdout {
codec => rubydebug
}
}
2 个回复
xiaoke - http://blog.51cto.com/kexiaoke
赞同来自: Buddha 、ggg
sun_changlong
赞同来自: