摘要:
Redis 服务器是Logstash 推荐的Broker选择,Broker 角色就意味会同时存在输入和输出两个插件。5.1.1 读取Redis 数据LogStash::Input::Redis 支持三种data_type(实际上是redis_type),不同的数据类型会导致实际采用不同的Redi... 阅读全文
posted @ 2016-09-12 09:47
czcb
阅读(206)
评论(0)
推荐(0)
摘要:
ACL derivatives : hdr([[,]]) : exact string match 字符串精确匹配 hdr_beg([[,]]) : prefix match hdr_dir([[,]]) : subdir match hdr_dom([[,]])... 阅读全文
posted @ 2016-09-11 16:44
czcb
阅读(250)
评论(0)
推荐(0)
摘要:
"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" -... 阅读全文
posted @ 2016-09-11 14:48
czcb
阅读(120)
评论(0)
推荐(0)
摘要:
Configuration OKzjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f g01.conf Settings: Default pipeline workers: 1Pipeline main st... 阅读全文
posted @ 2016-09-11 14:03
czcb
阅读(142)
评论(0)
推荐(0)
摘要:
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat g01.conf input {stdin{}} filter { grok { match => { "message" =>"\s+(?\d+(?:\.\d+)... 阅读全文
posted @ 2016-09-11 13:38
czcb
阅读(232)
评论(0)
推荐(0)
摘要:
/********* 把字符串转换成整型zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat geoip.confinput {stdin {} }filter { geoip { source =>"message" add_fi... 阅读全文
posted @ 2016-09-11 12:30
czcb
阅读(201)
评论(0)
推荐(0)
摘要:
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat geoip.confinput {stdin {} }filter { geoip { source =>"message" add_field => [ "[geoip][sc... 阅读全文
posted @ 2016-09-11 12:00
czcb
阅读(140)
评论(0)
推荐(0)
摘要:
filter { grok { match =>[ "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTT... 阅读全文
posted @ 2016-09-11 11:01
czcb
阅读(429)
评论(0)
推荐(0)
摘要:
nginx 服务器配置:jrhwpt01:/root# cat /etc/rsyslog.conf $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)$ModLoad im... 阅读全文
posted @ 2016-09-10 22:24
czcb
阅读(817)
评论(0)
推荐(0)
摘要:
阅读全文
posted @ 2016-09-10 09:47
czcb
阅读(588)
评论(0)
推荐(0)
浙公网安备 33010602011771号