自动化运维之日志系统Logstash实践(九)

7.案例logstash写入elasticsearch

数据直接写入elasticsearch中(适合日志数量不大，没有Redis)

 

1. [root@linux-node3 conf.d]# cat input_file_output_es.conf
2. input {
4. #system
5. syslog {
6. type => "system_rsyslog"
7. host => "192.168.90.203"
8. port => "514"
9. }
11. #java
12. file {
13. path => "/var/log/elasticsearch/xuliangwei.log"
14. type => "error_es"
15. start_position => "beginning"
16. codec => multiline {
17. pattern => "^\["
18. negate => true
19. what => "previous"
20. }
21. }
23. #nginx
24. file {
25. path => "/var/log/nginx/access_json.log"
26. type => "access_nginx"
27. codec => "json"
28. start_position => "beginning"
29. }
30. }
33. output {
34. #多行文件判断
35. if [type] == "system_rsyslog" {
36. elasticsearch {
37. hosts => ["192.168.90.201:9200","192.168.90.202:9200"]
38. index => "system_rsyslog_%{+YYYY.MM}"
39. }
40. }
42. if [type] == "error_es" {
43. elasticsearch {
44. hosts => ["192.168.90.201:9200","192.168.90.202:9200"]
45. index => "error_es_%{+YYYY.MM.dd}"
46. }
47. }
48. if [type] == "access_nginx" {
49. elasticsearch {
50. hosts => ["192.168.90.201:9200","192.168.90.202:9200"]
51. index => "access_nginx_%{+YYYY.MM.dd}"
52. }
53. }
54. }