10. Logstash: collecting the slowlog with grok

The grok plugin ships with several hundred predefined regular-expression patterns.
vim grok.conf
 
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
/opt/logstash/bin/logstash -f grok.conf
Input:
55.3.244.1 GET /index.html 15824 0.043
Output:
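How the grok expression above becomes named captures, and what happens to a line that does not fit, as an added Ruby example that is not part of the original post. The pattern bodies are simplified stand-ins for the ones Logstash ships, and the helper names `expand` and `grok_filter` are hypothetical.

```ruby
# Added example: a minimal grok-style expander. The pattern bodies below are
# simplified stand-ins (assumptions), not the definitions shipped with Logstash.
PATTERNS = {
  "IP"           => '(?:\d{1,3}\.){3}\d{1,3}',
  "WORD"         => '\w+',
  "URIPATHPARAM" => '/[^\s?#]*(?:\?\S*)?',
  "NUMBER"       => '[+-]?\d+(?:\.\d+)?',
}.freeze

# The match expression from grok.conf above.
GROK = "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} " \
       "%{NUMBER:bytes} %{NUMBER:duration}"

# Turn %{NAME:field} into a named capture group, %{NAME} into a plain group.
def expand(grok)
  src = grok.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    name, field = $1, $2
    body = PATTERNS.fetch(name) { raise ArgumentError, "unknown pattern #{name}" }
    field ? "(?<#{field}>#{body})" : "(?:#{body})"
  end
  Regexp.new(src)
end

# Mimic the filter: add captured fields on a match, otherwise tag the event
# with _grokparsefailure (Logstash's default tag_on_failure value).
def grok_filter(event, regex)
  m = regex.match(event["message"])
  if m
    event.merge(m.named_captures)
  else
    event.merge("tags" => ["_grokparsefailure"])
  end
end

REGEX = expand(GROK)

# Constructed sample events: the line from the post, and one that does not fit.
SAMPLES = [
  { "message" => "55.3.244.1 GET /index.html 15824 0.043" },
  { "message" => "kernel: eth0 link up" },
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |e| p grok_filter(e, REGEX) }
end
```

Captured values are strings, as in Logstash when no `:int` or `:float` suffix is given on the field. Events tagged `_grokparsefailure` are the ones to watch when a parser is fed lines it was not written for.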
 
posted @ 2018-04-24 10:09  Paco_Pig