Merging multi-line Tomcat error logs into a single line with Logstash

By | February 24, 2017

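input {
  file {
    type => "tomcatout"
    path => "/root/catalina.out"
    codec => multiline {
      # A new event starts with a timestamp such as 2017-02-24 10:15:07
      pattern => "^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}"
      # negate + previous: a line that does NOT match the pattern
      # (e.g. a stack-trace line) is appended to the line before it
      negate => true
      what => "previous"
    }
    start_position => "beginning"
    ignore_older => 0
  }
  file {
    type => "nginx"
    path => "/var/log/httpd/access_log"
    start_position => "beginning"
    ignore_older => 0
  }
}
filter {
  if [type] == "nginx" {
    # COMBINEDAPACHELOG only fits the access log; applied to the Tomcat
    # events it would fail and tag them with _grokparsefailure
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    geoip {
      source => "clientip"
    }
  }
}
output {
  if [type] == "tomcatout" {
    elasticsearch {
      action => "index"
      hosts => [ "192.168.57.139:9200" ]
      index => "tomcatout"
    }
  }
  if [type] == "nginx" {
    elasticsearch {
      action => "index"
      hosts => [ "192.168.57.139:9200" ]
      index => "nginx"
    }
  }
}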

Category: os
