LogstashL reference 重要章节

配置文件结构说明

https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html

 

Event相关配置

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

event中字段提取: field reference 

如:[ua][os]    

应用字段内容: sprintf format

如:increment => "apache.%{[response][status]}" } }  

条件语句:Conditionals 

如:if [action] == "login"

特殊字段说明:

@metadata、@timestamp

 

{
  "agent": "Mozilla/5.0 (compatible; MSIE 9.0)",
  "ip": "192.168.24.44",
  "request": "/index.html"
  "response": {
    "status": 200,
    "bytes": 52353
  },
  "ua": {
    "os": "Windows 7"
  }
}

 

环境变量的应用

https://www.elastic.co/guide/en/logstash/current/environment-variables.html

 

配置文件自动reload

https://www.elastic.co/guide/en/logstash/current/reloading-config.html

 

logstash的部署模式

https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html#deploying-and-scaling

posted @ 2016-04-28 19:43  弋痕夕的残影  阅读(224)  评论(0编辑  收藏  举报