ELK 日志分析系统
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELK 日志分析系统相关的知识,希望对你有一定的参考价值。
架构如下,logstash-agent ---->redis---->logstash-server----->elasticsearch---->kibana
需求:想收集多个log文件,例如/var/log/messages, /var/log/logstash/logstash.err 两个日志文件;
logstash input和output 如何写,
input {
file {
path => "/var/log/messages"
type => "system"
}
}
input {
file {
path => "/var/log/logstash/logstash.err"
type => "logstash-err"
}
}
output {
if [type] == "system" {
redis {
data_type => "list"
key => "system-messages-test"
host => "10.54.22.97"
port => "6379"
db => "2"
}
}
if [type] == "logstash-err" {
redis {
data_type => "channel"
key => "logstash-err-cesi"
host => "10.54.22.97"
port => "6379"
db => "3"
}
}
}
还有一个:如下;
input {
redis {
data_type => "list"
key => "system-messages-test"
host => "10.54.22.97"
port => "6379"
db => "2"
}
redis {
data_type => "channel"
key => "logstash-err-cesi"
host => "10.54.22.97"
port => "6379"
db => "3"
}
}
output {
if [data_type] == "list" {
elasticsearch {
hosts => "10.54.22.97:9200"
index => "system-redis-messages-%{+YYYY.MM.dd}"
}
}
if [data_type] == "channel" {
elasticsearch {
hosts => "10.54.22.97:9200"
index => "logstash-err-%{+YYYY.MM.dd}"
}
}
以上是关于ELK 日志分析系统的主要内容,如果未能解决你的问题,请参考以下文章