ini logstash-inputfile.conf

Posted 2021-05-24

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了ini logstash-inputfile.conf相关的知识，希望对你有一定的参考价值。

input {
        file {
                path => "/data/ujian/fortigate*.txt"
                start_position => beginning
                sincedb_path => "/dev/null"
                type => "fortigate"
        }
}

filter {
   if "fortigate" in [type] {
        grok {
###          match => ["message", "%{SYSLOG5424PRI:syslog_index}%{GREEDYDATA:message}"]
          match => ["message", "%{SYSLOG5424PRI}%{SYSLOGTIMESTAMP}%{SPACE}%{IP}%{SPACE}%{GREEDYDATA:data}"]
          tag_on_failure => [ "forti_grok_failure" ]
        }
        kv {
          source => "data"
          value_split => "="
          field_split => ","
        }

    mutate {
    strip => ["date","time"]
    add_tag => [ "fortigate" ]
    add_field => { "temp_time" => "%{date} %{time}" }
    rename => { "type" => "ftg_type" }
    rename => { "subtype" => "ftg_subtype" }
    convert => { "rcvdbyte" => "integer" }
    convert => { "sentbyte" => "integer" }
}

date {
    match => [ "temp_time", "yyyy-MM-dd HH:mm:ss" , "yyyy-MM-dd HH: mm:ss" ]
    timezone => "Asia/Kuala_Lumpur"
    target => "@timestamp"
    }

###    mutate {
####    remove_field => ["syslog_index","syslog5424_pri","path","temp_time","service","date","time","sentpkt","rcvdpkt","log_id","message","poluuid"]
###  }
 }
} 


# output


output {
if "fortigate" in [tags] {
 elasticsearch {
 hosts => ["127.0.0.1:9200"]
 index => "fortigate-v6-%{+YYYY.MM.dd}"
  }
 }
}

以上是关于ini logstash-inputfile.conf的主要内容，如果未能解决你的问题，请参考以下文章

在Delphi下，怎样在DLL里读取ini文件的内容

vb读写ini文件

在Delphi下，如何在DLL里攫取ini文件的内容

delphi同步读取ini文件

pycharm新建ini文件或创建ini文件失败

ini_set