Logstash installation and configuration

Installing Logstash

# Install Logstash
yum install -y java

yum install -y lrzsz haveged
systemctl start haveged
systemctl enable haveged


yum localinstall logstash-6.4.0.rpm -y

Debugging Logstash with console output

# Configuration file
vim /etc/logstash/conf.d/fb.conf

# Standard input
input {
  stdin {}
}
# Filter the data
filter {
  grok {
    match => {"message" => "%{NUMBER:a1}\t%{NUMBER:a2}\t%{NUMBER:logType}\t%{NUMBER:log_timestamp}\t"}  # each NUMBER matches the value at that position in the line; the name after the colon is the field name
  }
  date {
    match => ["log_timestamp", "UNIX"]
  }
  ruby {
    code => "
      event.set('local_date', event.timestamp.time.localtime.strftime('%Y_%m_%d'))
    "
  }
}
# Standard output
output {
  stdout {
    #codec => line {
    #format => "%{message}"
    #}
  }
}

# Starting Logstash in the foreground lets you see the input and the resulting output.

# Start with the specified configuration file; startup may be a little slow
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/fb.conf

# Input
0    0    4    1573789909    UT001_2019-11-15-11:51:49.714364_808    0    10032    1    399    65118    65118    10000    10000    56    560111002    5601110020001    0    0    192.168.0.84    0    0    0    0

# Output
{
    "@timestamp" => 2019-11-15T03:51:49.000Z,
    "message" => "0\t0\t4\t1573789909\tUT001_2019-11-15-11:51:49.714364_808\t0\t10032\t1\t399\t65118\t0\t65118\t10000\t10000\t56\t560111002\t5601110020001\t0\t0\t192.168.0.84\t0\t0\t0\t0\t0",
    "log_timestamp" => "1573789909",
    "logType" => "4",
    "a2" => "0",
    "@version" => "1",
    "host" => "kvm-233",
    "local_date" => "2019_11_15",
    "a1" => "0"
}
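
The grok, date and ruby filter chain from fb.conf can be checked offline before starting Logstash. The Ruby script below is an added example, not part of the original post; it also covers a space-separated line that fails the tab-based pattern and a timestamp whose local day differs from its UTC day. Assumptions: `NUMBER` is a simplified stand-in for grok's NUMBER pattern, and `process` and its `utc_offset` parameter are hypothetical names, with `+08:00` inferred from the sample output.

```ruby
# Added example: emulates the fb.conf filter chain (grok -> date -> ruby) offline.
# Simplified stand-in for grok's NUMBER pattern (assumption: plain integers/decimals).
NUMBER = '[+-]?\d+(?:\.\d+)?'
# Same four leading tab-separated fields as the grok match; unanchored, like grok.
PATTERN = /(?<a1>#{NUMBER})\t(?<a2>#{NUMBER})\t(?<logType>#{NUMBER})\t(?<log_timestamp>#{NUMBER})\t/

# utc_offset is a hypothetical parameter standing in for the Logstash host's time zone.
def process(message, utc_offset = '+08:00')
  event = { 'message' => message }
  m = PATTERN.match(message)
  if m.nil?
    # Logstash tags unparsed events instead of dropping them. The later filters
    # still run there, so local_date would reflect ingestion time, not log time.
    event['tags'] = ['_grokparsefailure']
    return event
  end
  m.names.each { |name| event[name] = m[name] }   # grok captures stay strings
  # date filter with the "UNIX" format: epoch seconds become @timestamp in UTC
  ts = Time.at(event['log_timestamp'].to_f).utc
  event['@timestamp'] = ts.strftime('%Y-%m-%dT%H:%M:%S.000Z')
  # ruby filter: calendar day of @timestamp in the host's local time zone
  event['local_date'] = ts.getlocal(utc_offset).strftime('%Y_%m_%d')
  event
end

if __FILE__ == $PROGRAM_NAME
  samples = [
    # Leading fields of the sample line from the post, tab-separated
    "0\t0\t4\t1573789909\tUT001_2019-11-15-11:51:49.714364_808\t0\t10032",
    # Constructed: same fields separated by spaces (tabs lost in copy and paste)
    "0    0    4    1573789909    UT001_2019-11-15-11:51:49.714364_808",
    # Constructed: 2019-11-15T20:00:00Z, already 2019-11-16 at +08:00
    "0\t0\t4\t1573848000\tconstructed"
  ]
  samples.each { |line| p process(line) }
end
```

A line pasted with spaces instead of tabs comes back tagged `_grokparsefailure`, which is the first thing to check when the console output lacks `a1`, `a2`, `logType` and `log_timestamp`.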


Reposted from www.cnblogs.com/root0/p/11867219.html