本文介绍了一种从不同来源收集数据的方法,包括特定路径的日志文件和多个Redis实例。通过配置,系统能够根据类型将这些数据发送到相应的Elasticsearch索引中,实现高效的数据管理和检索。
input {
file {
path => "/srv/web/a/logs/a.*"
start_position => "beginning"
type => "a"
}
file {
path => "/srv/web/b/logs/b.*"
start_position => "beginning"
type => "b"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
type => "c"
key => "c:redis"
password => "c"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "d:redis"
type => "d"
password => "d"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "e:redis"
type => "e"
password => "redis123"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "f:redis"
type => "f"
password => "f"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "g:redis"
type => "g"
password => "g"
}
}
output {
if "_grokparsefailure" in [tags] {
}else{
if [type] == "a"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "a-%{+YYYY.MM.dd}"
}
}
if [type] == "b"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "b-%{+YYYY.MM.dd}"
}
}
if [type] == "c"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "c-%{+YYYY.MM.dd}"
}
}
if [type] == "d"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "d-%{+YYYY.MM.dd}"
}
}
if [type] == "f"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "f-%{+YYYY.MM.dd}"
}
}
if [type] == "g"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "g-%{+YYYY.MM.dd}"
}
}
}
}
file {
path => "/srv/web/a/logs/a.*"
start_position => "beginning"
type => "a"
}
file {
path => "/srv/web/b/logs/b.*"
start_position => "beginning"
type => "b"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
type => "c"
key => "c:redis"
password => "c"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "d:redis"
type => "d"
password => "d"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "e:redis"
type => "e"
password => "redis123"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "f:redis"
type => "f"
password => "f"
}
redis {
host => "120.70.35.123"
port => "6379"
data_type => "list"
key => "g:redis"
type => "g"
password => "g"
}
}
output {
if "_grokparsefailure" in [tags] {
}else{
if [type] == "a"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "a-%{+YYYY.MM.dd}"
}
}
if [type] == "b"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "b-%{+YYYY.MM.dd}"
}
}
if [type] == "c"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "c-%{+YYYY.MM.dd}"
}
}
if [type] == "d"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "d-%{+YYYY.MM.dd}"
}
}
if [type] == "f"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "f-%{+YYYY.MM.dd}"
}
}
if [type] == "g"{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "g-%{+YYYY.MM.dd}"
}
}
}
}
扫一扫
995
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
