Logstash 使用
一、Input插件
二、Filter插件
三、Output插件
四、实例举证
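# Scheduled pull from a source Elasticsearch cluster. `docinfo => true` keeps
# each hit's index/id metadata on the event so the output stage can reuse it.
#
# NOTE(review): neither input sets credentials or TLS options, so these queries
# go to 172.17.0.1:8200 unauthenticated and in clear text. That is only
# acceptable when the cluster is reachable solely over a trusted local network.
# If security is enabled on the cluster, set `user`/`password` (read the secret
# from the Logstash keystore rather than writing it in this file) and turn on
# the plugin's TLS options for the Logstash version in use.
input {
  # Report logs: runs every minute and fetches documents whose `timestamp`
  # falls within the last minute.
  # NOTE(review): a one-minute window polled once a minute leaves no slack for
  # documents indexed late or for a delayed run; confirm that is acceptable.
  elasticsearch {
    hosts => ["172.17.0.1:8200"]
    index => "rhxy_report_log_*"
    query => '{"query": {"range": {"timestamp": {"gte": "now-1m", "format": "yyyy-MM-dd HH:mm:ss.SSS"}}}}'
    docinfo => true
    schedule => "* * * * *"
  }

  # User portraits: fetches everything from the last year.
  # The schedule was "* 5 * * *", which fires every minute from 05:00 to 05:59
  # and so repeats the full one-year query 60 times a day. It is changed to
  # minute 0 of hour 5 on the assumption that one daily run was intended.
  elasticsearch {
    hosts => ["172.17.0.1:8200"]
    index => "rhxy_user_portrait_*"
    query => '{"query": {"range": {"timestamp": {"gte":"now-1y", "format": "yyyy-MM-dd"}}}}'
    docinfo => true
    schedule => "0 5 * * *"
  }
}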
# Write every event to the local Elasticsearch, reusing the index name and
# document id that the input captured from the source hit.
output {
  elasticsearch {
    hosts => ["127.0.0.1:8200"]

    # Reusing the source _id makes a re-read of the same document overwrite the
    # existing copy instead of creating a duplicate.
    document_id => "%{[@metadata][_id]}"

    # NOTE(review): both sprintf references resolve only if the input stored
    # docinfo directly under @metadata. With ECS compatibility enabled the
    # input plugin's default docinfo_target is [@metadata][input][elasticsearch];
    # verify against the Logstash version in use. Otherwise the literal
    # "%{...}" text is used as the index name and id.
    index => "%{[@metadata][_index]}"

    # Index template settings, left disabled as in the original.
    #template => "/usr/share/logstash/config/rhxy_report_log_temp.json"
    #template_name => "rhxy_report_log"
    #template_overwrite => true

    # NOTE(review): no credentials or TLS are configured. Loopback traffic is
    # not exposed on the network, but a cluster that accepts unauthenticated
    # writes should be bound to localhost only; confirm its listen address.
  }
}
