logstash.conf: 10.10.10.149 给三部弄windows日志
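# Logstash pipeline: receive Filebeat events and re-create each source file
# under /stlogs, mirroring the Windows path reported by the shipper.
#
# The typographic quotes in the published listing are replaced with ASCII
# quotes here; Ruby does not accept them as string delimiters.

input {
  # No TLS or client authentication is configured on this listener, so any host
  # that can reach port 5044 can submit events. Those events choose the file
  # names written below. Restrict the port to the shipper hosts and consider the
  # beats input's ssl settings with client-certificate verification.
  beats {
    port => 5044
  }
}

filter {
  # Shift @timestamp forward by 8 hours (a UTC+8 wall-clock workaround).
  # After this the field is no longer true UTC, which matters when correlating
  # with other sources. The active output below writes only %{message} to a path
  # with no date pattern, so the shift has no visible effect on the files.
  ruby { code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)" }
  ruby { code => "event.set('@timestamp', event.get('timestamp'))" }

  # Earlier attempts, kept for reference:
  #code => "event.set('blex',event.get('alexpath')['file']['path'])"
  #code => "puts event.get('alexpath')['file']['path'].split(pattern=':')"
  #code => "event.set('alexpath',event.get('alexpath')['file']['path'].split(pattern=':')[-1])"

  # Derive the relative output path from the shipper-reported source path:
  # drop everything up to the last ':' (the drive letter) and turn backslashes
  # into forward slashes. The value comes from the sender, so it is validated:
  # a missing/non-string path or any '..' segment leaves [alexpath] unset and
  # tags the event instead of letting it reach the file output.
  ruby {
    code => "
      src = event.get('[log][file][path]')
      rel = src.is_a?(String) ? src.split(':')[-1].to_s.tr('\\', '/') : ''
      if rel.empty? || rel.split('/').include?('..')
        event.tag('_alexpath_invalid')
      else
        event.set('alexpath', rel)
      end
    "
  }

  mutate { remove_field => ["timestamp"] }

  # mutate {
  #   split => { "shortHostname" => "-" }
  #   add_field => { "podName" => "%{[shortHostname][0]}" }
  # }
}

output {
  # Only events with a validated [alexpath] are written. Events tagged
  # _alexpath_invalid are not written anywhere by this pipeline; add an else
  # branch if they should be kept for review.
  if [alexpath] {
    file {
      # #path => "/tmp/clex%{host}{name}-%{+YYYY}-%{+MM}-%{+dd}.log"
      # #path => "/tmp/dlex%{host.name}-%{+YYYY}-%{+MM}-%{+dd}.log"
      # path => "/nfs/%{[alexenv]}/%{podName}-%{+YYYY}-%{+MM}-%{+dd}-%{+HH}.log"

      # NOTE(review): the file output is expected to divert paths that resolve
      # outside the static prefix to its filename_failure file. Confirm this on
      # the installed plugin version rather than relying on it alone.
      path => "/stlogs/%{[alexpath]}"
      codec => line { format => "%{message}" }
    }
  }
  # stdout { }
}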
filebeat 配置:
alex.yml:
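# Filebeat on the Windows host: tail the application log trees and ship each
# line to the Logstash beats listener.
filebeat.inputs:
  - type: log
    enabled: true
    # Single-quoted so backslashes and '*' stay literal for every YAML parser.
    # NOTE(review): '**' relies on Filebeat's recursive glob support; confirm
    # it is enabled on the installed version.
    paths:
      - 'C:\QA_POC_Logs\**'
      - 'C:\QA_POC_nsbLog\**'
      # - 'C:\alexfb\*.log'
    close_inactive: 1m
    # With symlinks enabled and recursive globs, anyone who can create a link
    # inside the directories above can cause other files readable by the
    # Filebeat service account to be shipped. Keep write access to those
    # directories tight, or set this to false if links are not needed.
    symlinks: true
    # fields:
    #   alexkey: OnlyEdu.POC.NBus.EHS

# No ssl.* settings appear in this listing, so events would travel to Logstash
# unencrypted and the server is not authenticated. Configure TLS on both ends
# if the logs are sensitive or the network path is shared.
output.logstash:
  hosts: ['10.10.10.149:5044']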
原文:https://www.cnblogs.com/alexhjl/p/14246618.html