需求是小日志量下,通过filebeat收集多套日志,发送到logstash的5044端口,通过logstash进行分离清洗,然后分别建立索引,好了上配置文件。
日志格式如下
2020-05-06 20:45:04.918 INFO 4857 --- [http-nio-8081-exec-4] c.s.s.controller.XytSysController : method=csoUserInfoSysDTOList=[{"action":"1","channel":"DM","idCard":"4130261024873111111","licensed":"41302619811111111","name":"张某","number":"30042711","organizationCode":"235","telephone":"13526811111"}]2020-05-06 20:51:41.748 INFO 4857 --- [http-nio-8081-exec-2] c.s.s.controller.XytSysController : method=webAccountSys=[{"action":"1","name":"李某","organizationCode":"224","password":"00000000","role":"4","usercode":"CHN0022339"},{"action":"1","name":"李某","organizationCode":"224","password":"00000000","role":"5","usercode":"CHN0022339"}]2020-05-06 20:55:05.130 INFO 4857 --- [http-nio-8081-exec-3] c.s.s.controller.XytSysController : method=csoUserInfoSysDTOList=[{"action":"1","channel":"DM","idCard":"413026198801111111","licensed":"41302619881111111","name":"张某","number":"30042711","organizationCode":"235","telephone":"135268711111"}]
fileteat的配置文件
- type: logenabled: truepaths:- /usr/local/seektruth/situ-microservice-citic/logs/*/info.*.logmultiline:pattern: '^\d+'negate: truematch: afterfields:appname: online-microservice-citicpru-info-log- type: logenabled: truepaths:- /usr/local/seektruth/situ-microservice-citic/logs/*/access.*.logmultiline:pattern: '^\d+'negate: truematch: afterfields:appname: online-microservice-citicpru-access-log- type: logenabled: truepaths:- /usr/local/seektruth/situ-microservice-citic/logs/*/error.*.logmultiline:pattern: '^\d+'negate: truematch: afterfields:appname: online-microservice-citicpru-error-log
logstash的清洗配置
input {beats {port => 5044}}###########################################################################################################################filter {if [fields][appname] =~ ".*info-log" {grok {match => { "message" => ["(%{TIMESTAMP_ISO8601:Request_time}) \|(%{DATA:TraceId})\|(%{DATA:SpanId})\|(%{DATA:ParentSpanId})\|(%{DATA:Level})\|(%{DATA:PID})\|(%{DATA:Threading})\|(%{DATA:Code_Line})\|(%{DATA:Class_Name})\|(%{GREEDYDATA:Message})"] }}if [message] == ";" {drop {}}}if [fields][appname] =~ ".*error-log" {grok {match => { "message" => ["(%{TIMESTAMP_ISO8601:Request_time}) \|(%{DATA:TraceId})\|(%{DATA:SpanId})\|(%{DATA:ParentSpanId})\|(%{DATA:Level})\|(%{DATA:PID})\|(%{DATA:Threading})\|(%{DATA:Code_Line})\|(%{DATA:Class_Name})\|(%{GREEDYDATA:Message})"] }}}if [fields][appname] =~ ".*access-log" {grok {match => { "message" => ["(%{TIMESTAMP_ISO8601:Request_time}|-)\;(%{IPORHOST:Client_ip}|-)\;(%{DATA:User_name}|-)\;(%{DATA:Request_id}|-)\;(%{PATH:Request_uri}|-)\;(%{INT:Response_time}|-)\;(%{INT:Status_code}|-)\;(%{NOTSPACE:Message}|-)"] }}if [message] == ";" {drop {}}}date {match => [ "Request_time" , "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]}}###########################################################################################################################output {if [fields][appname] == "online-microservice-citicpru-access-log" {elasticsearch {hosts => ["172.17.0.3:9200"]user => "elastic"password => "situ1234"index => "online-microservice-citicpru-access-log-%{+YYYY.MM.dd}"}}if [fields][appname] == "online-microservice-citicpru-info-log"{elasticsearch {:hosts => ["172.17.0.3:9200"]user => "elastic"password => "situ1234"index => "online-microservice-citicpru-info-log-%{+YYYY.MM.dd}"}}if [fields][appname] == "online-microservice-citicpru-error-log"{elasticsearch {hosts => ["172.17.0.3:9200"]user => "elastic"password => "situ1234"index => "online-microservice-citicpru-error-log-%{+YYYY.MM.dd}"}}}
效果图
若有收获,就点个赞吧
0 人点赞
