Preface

Setting up ELK is not difficult; the difficult part is the logstash configuration file. A logstash pipeline has three parts: input, filter and output.

input: the input source. There are many input sources to choose from (see the ELK official website for details); here we use S3 as the input source.

filter: the filter stage. logstash can insert filters between input and output to classify, filter and tag the data, and to normalize its format. This is the core of logstash.

output: the output stage. Usually the output goes to elasticsearch.

Notes:

AWS ELB logs are stored in S3. They can be fetched with logstash's S3 input plugin, passed through the filters, and written to elasticsearch.

The setup and configuration of ELK itself is not covered here; the official documentation is enough. What follows is a logstash configuration file for fetching and formatting ELB logs.
```conf
input {
  s3 {
    # Placeholder values. On EC2 the plugin can also use the instance role
    # instead of static keys, so the keys need not be stored in this file.
    access_key_id     => "access_key"
    secret_access_key => "secret_key"
    bucket            => "elb_bucket"
    region            => "aws_region"
    type              => "s3"
  }
}

filter {
  # Classic ELB access logs are space-separated; fields are picked by position.
  # [3] backend:port, [9] received_bytes and [10] sent_bytes are not kept.
  # The quoted request "GET http://... HTTP/1.1" is split across [11]..[13],
  # so the method lands in [11] (with its leading quote) and the URL in [12].
  mutate {
    split => { "message" => " " }
    add_field => { "log_time"    => "%{[message][0]}" }
    add_field => { "elb_name"    => "%{[message][1]}" }
    add_field => { "client_ip"   => "%{[message][2]}" }
    add_field => { "t1"          => "%{[message][4]}" }
    add_field => { "t2"          => "%{[message][5]}" }
    add_field => { "t3"          => "%{[message][6]}" }
    add_field => { "elb_code"    => "%{[message][7]}" }
    add_field => { "server_code" => "%{[message][8]}" }
    add_field => { "getpost"     => "%{[message][11]}" }
    add_field => { "url"         => "%{[message][12]}" }
    remove_field => [ "message" ]
  }
  # Cast timings and status codes so they can be aggregated in elasticsearch.
  mutate {
    convert => { "t1"          => "float" }
    convert => { "t2"          => "float" }
    convert => { "t3"          => "float" }
    convert => { "elb_code"    => "integer" }
    convert => { "server_code" => "integer" }
  }
  grok {
    break_on_match => false   # apply every pattern, not only the first that matches
    match => { "client_ip" => "%{IPV4:device_ip}" }   # drops the client port
    match => { "url" => "%{URIPROTO:url_head}://%{URIHOST:url_destination}:%{POSINT:url_port}%{URIPATH:url_path}(?:%{URIPARAM:url_param})?" }
    match => { "getpost" => "%{WORD:get_post}" }      # strips the leading quote
    remove_field => [ "getpost" ]
  }
  # Split "/orders.ashx" into the handler name and its extension.
  mutate {
    split => { "url_path" => "." }
    add_field => { "url_api"   => "%{[url_path][0]}" }
    add_field => { "html_ashx" => "%{[url_path][1]}" }
  }
  date {
    match => [ "log_time", "ISO8601" ]
    target => "log_date"
    add_tag => [ "log_date" ]
    remove_field => [ "log_time" ]
  }
  geoip {
    source => "device_ip"
    add_tag => [ "geoip" ]
    remove_field => [ "client_ip" ]
  }
}

output {
  elasticsearch {
    hosts => ["xxx.xxx.xxx.xxx:9200"]
    index => "logstash-s3-%{+YYYY-MM-dd}"
  }
}
```
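As an added example (not part of the original post), the Python below reproduces the field positions and type conversions the filter chain above applies to classic ELB access-log lines, including the case where the backend is unreachable and the log carries "-" for the backend and -1 for the timings. The sample lines are constructed, and the field names follow the configuration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in the classic ELB access-log layout; not real traffic.
SAMPLE_LINES = [
    '2024-03-01T10:15:30.123456Z my-elb 203.0.113.7:51234 10.0.1.20:80 0.000041 0.001337 0.000028 '
    '200 200 0 512 "GET http://api.example.com:80/orders.ashx?id=42 HTTP/1.1" "curl/8.0" - -',
    # Backend unreachable: backend is "-", the three timings are -1, the ELB answers 503.
    '2024-03-01T10:15:31.000000Z my-elb 198.51.100.9:40001 - -1 -1 -1 503 0 0 0 '
    '"POST http://api.example.com:80/login.ashx HTTP/1.1" "Mozilla/5.0" - -',
]

IPV4 = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})")  # same role as grok's %{IPV4}


def parse_elb_line(line):
    """Return the fields the Logstash filters produce, keyed by the same names.

    The space split puts the quoted request across tokens 11..13 ("GET, URL,
    HTTP/1.1"), which is why the method is read from [11] and the URL from [12].
    """
    f = line.split(" ")
    ip = IPV4.match(f[2])
    url = urlsplit(f[12])
    path_parts = url.path.split(".")
    return {
        "log_date": datetime.strptime(f[0], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc),
        "elb_name": f[1],
        "device_ip": ip.group(1) if ip else None,
        "t1": float(f[4]), "t2": float(f[5]), "t3": float(f[6]),
        "elb_code": int(f[7]), "server_code": int(f[8]),
        "get_post": f[11].lstrip('"'),
        "url_head": url.scheme, "url_destination": url.hostname, "url_port": url.port,
        "url_path": url.path, "url_param": url.query or None,
        "url_api": path_parts[0],
        "html_ashx": path_parts[1] if len(path_parts) > 1 else None,
    }


def elb_5xx_by_client(lines):
    """Count ELB-side 5xx responses per client IP over the parsed records."""
    counts = {}
    for rec in map(parse_elb_line, lines):
        if rec["elb_code"] >= 500:
            counts[rec["device_ip"]] = counts.get(rec["device_ip"], 0) + 1
    return counts
```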