logstash线上配置文件
线上logstash配置文件,特此记录。
# pipelines.yml 文件
$ egrep -v '^$|^#' pipelines.yml
- pipeline.id: feature
path.config: "/data/elk/logstash-7.5.0/conf.d/kafka-feature.conf"
- pipeline.id: feature-log
path.config: "/data/elk/logstash-7.5.0/conf.d/kafka-feature-log.conf"
- pipeline.id: report
path.config: "/data/elk/logstash-7.5.0/conf.d/kafka-report.conf"
- pipeline.id: device
path.config: "/data/elk/logstash-7.5.0/conf.d/kafka-devicelog.conf"
- pipeline.id: main
path.config: "/data/elk/logstash-7.5.0/conf.d/kafka-reqlog.conf"# logstash 配置文件
$ egrep -v '^$|^#' logstash.yml
pipeline.workers: 32
pipeline.batch.size: 1000
pipeline.batch.delay: 50# 任意一个.conf 文件
cat kafka-devicelog.conf
input{
kafka {
bootstrap_servers => "kafka01:9092,kafka02:9092,kafka03:9092"
auto_offset_reset => "latest"
topics => ["deviceRequestLog"]
client_id => "dev-no01"
group_id => "logstash-devlog"
decorate_events => true
}
}
filter{
json {
source => "message"
}
mutate {
remove_field => ["message"]
add_field => { "@kafka_timestamp" => "" }
}
date {
match => ["[@metadata][kafka][timestamp]","UNIX_MS"]
target => "@kafka_timestamp"
}
# 解决8小时时差问题
ruby {
code => "event.set('timestamp', event.get('req_time') + 8*60*60*1000)"
}
date {
match => ["timestamp", "UNIX_MS"]
target => "@timestamp"
}
mutate {
remove_field => ["timestamp"]
}
}
output {
elasticsearch {
hosts => ["es01:9200","es02:9200","es03:9200"]
index => "device-log-%{+YYYY-MM-dd}"
user => "elastic"
password => "ppasswd"
}
}本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2023-04-20,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
Elasticsearch Service
腾讯云 Elasticsearch Service(ES)是云端全托管海量数据检索分析服务,拥有高性能自研内核,集成X-Pack。ES 支持通过自治索引、存算分离、集群巡检等特性轻松管理集群,也支持免运维、自动弹性、按需使用的 Serverless 模式。使用 ES 您可以高效构建信息检索、日志分析、运维监控等服务,它独特的向量检索还可助您构建基于语义、图像的AI深度应用。