你只用elasticsearch还是用ELK stack(elasticsearch, logstash, kibana)?我用过ELK stack,用logstash-forwarder把文件发送给logstash，再存到elasticsearch里。也许你想要的是类似 elasticsearch-knapsack(https://github.com/jprante/elasti...
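# Logstash pipeline: tail one Apache access log, parse each line with the
# stock COMBINEDAPACHELOG grok pattern and index the result into Elasticsearch.
input {
  file {
    type => "log"
    #stat_interval => "\t"
    path => "/home/hadoop/xinwang_XW351464_2110.log"
  }
}

filter {
  # Only events read from the matching file are treated as Apache access
  # log lines; any other event passes through the filter stage untouched.
  if [path] =~ "xinwang_XW351464_2110" {
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    # The "timestamp" field is created by the grok above, so the date
    # filter belongs inside the same conditional. Lines grok could not
    # parse carry the _grokparsefailure tag and have no "timestamp"; they
    # are skipped here instead of being tagged _dateparsefailure as well.
    if "_grokparsefailure" not in [tags] {
      date {
        match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }
  }
}

output {
  elasticsearch {
    #cluster => "logstash_ela"
    #node_name=> "es_master"
    host => "192.168.1.152"
    index => "eslsg"
    # NOTE(review): index_type is the literal string "type", not "%{type}",
    # so the "apache_access" value set by mutate never becomes the document
    # type — confirm this is intended.
    index_type => "type"
    # NOTE(review): plain http with no credentials and no TLS, so anything on
    # the network path between this host and 192.168.1.152 can read or alter
    # the shipped log data. If the Elasticsearch node is reachable from
    # beyond this host, restrict access at the network level or, if this
    # plugin version supports them, enable the ssl/user/password options.
    protocol => "http"
    port => 9200
    workers => 1
  }
}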