elk+redis centos6.6安装与配置
rpm -ivh logstash-2.0.0-1.noarch.rpm
Preparing... ###########################################
1:logstash ###########################################
server端配置
# cat /etc/logstash/conf.d/index.conf
# Indexer side: pop events that the shippers pushed onto a Redis list.
input {
  redis {
    # Applied as the event type (the filters below see "redis-input").
    type      => "redis-input"
    # List name and mode must match the shipper's redis output
    # (agent.conf uses the same key, "logstash:redis").
    data_type => "list"
    key       => "logstash:redis"
    # Redis is read over loopback only; no password is configured here.
    host      => "127.0.0.1"
    port      => 6379
  }
}
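# Turn the raw access-log line into structured, typed fields.
filter {
  # Split the line into named fields. The original listing never closed this
  # grok block, which left kv/urldecode/date nested inside it and the file
  # one brace short; the closing brace below restores the intended layout.
  # Note: "request" is captured in two places in the pattern (the query
  # string and the field that follows the request line).
  grok {
    match => [ "message", "%{WORD:http_host} %{URIHOST:api_domain} %{IP:inner_ip} %{IP:lvs_ip} \[%{HTTPDATE:timestamp}\] \"%{WORD:http_verb} %{URIPATH:baseurl}(?:\?%{NOTSPACE:request}|) HTTP/%{NUMBER:http_version}\" (?:-|%{NOTSPACE:request}) %{NUMBER:http_status_code} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{NUMBER:time_duration:float} (?:%{NUMBER:time_backend_response:float}|-)"]
  }

  # Break "request" into one field per key, named request.<key>.
  # This runs before urldecode so an encoded "&" (%26) inside a value does
  # not split the pair.
  # The keys come from the client, so the set of field names that reaches the
  # index is unbounded; kv's include_keys option can restrict it to the
  # parameters you actually need.
  # NOTE(review): some Elasticsearch 2.x releases reject field names that
  # contain "." - confirm the prefix is accepted by the version in use.
  kv {
    prefix => "request."
    field_split => "&"
    source => "request"
  }

  # URL-decode every field of the event, not just the query parameters.
  # The decoded values are still client-supplied text; anything that renders
  # them must treat them as untrusted.
  urldecode {
    all_fields => true
  }

  # Use the timestamp from the log line as the event time.
  # NOTE(review): the redis input in this file sets type "redis-input". If this
  # Logstash version still honours a filter-level "type" option, this filter
  # only applies to events of type "log-date" and would skip these events; if
  # the option is no longer accepted, the config will not load. Confirm.
  date {
    type => "log-date"
    match => ["timestamp" , "dd/MMM/YYYY:HH:mm:ss Z"]
  }
}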
# Index the parsed events into Elasticsearch on this host.
output {
  elasticsearch {
    # Loopback address; no credentials or TLS are configured for this
    # connection.
    hosts => ["localhost:9200"]
  }
}
本机日志配置
# cat /etc/logstash/conf.d/agent.conf
# Shipper side: follow the application log on this machine.
input {
  file {
    # "日志路径" ("log path") is a placeholder: replace it with the absolute
    # path of the log file to ship.
    # The logstash user needs read permission on that file; granting it
    # through group membership avoids making the log readable by everyone.
    path => "日志路径"
  }
}
# Push each event onto the Redis list that the indexer reads.
output {
  redis {
    # IP address of the Redis server.
    # No password is set here. Once this points at a Redis on another host,
    # enable requirepass on Redis, set this plugin's "password" option to
    # match, and limit access to the Redis port to the shipper hosts.
    host      => "127.0.0.1"
    # Must match the indexer's redis input (same list key, same data_type).
    data_type => "list"
    key       => "logstash:redis"
  }
}