[英]Elasticsearch + Filebeat + Logstash
I am new to elastic stack and recently tried to ship logs to ELK stack, but observed strange issue.我是弹性堆栈的新手,最近尝试将日志发送到 ELK 堆栈,但观察到奇怪的问题。 Could someone please suggest me with the configuration.有人可以建议我配置。
filebeat.yml
filebeat.inputs:
- type: log
paths:
#- /var/log/*.log
- D:\apps\logs\RGGYSLT-0473\learnings-elasticsearch\*.log
multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
logstash.conf
input {
beats {
type => "v1-elasticsearch"
host => "127.0.0.1"
port => "5044"
}
}
filter {
if[type] == "v1-elasticsearch" {
#If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
if [message] =~ "\tat" {
grok {
match => ["message", "^(\tat)"]
add_tag => ["stacktrace"]
}
}
}
}
output {
stdout {
codec => rubydebug
}
# Sending properly parsed log events to elasticsearch
elasticsearch {
hosts => ["http://localhost:9200"]
index => "dhisco-learnings-elasticseach-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
#user => "elastic"
#password => "changeme"
}
}
Kibana output - Kibana output -
Jun 7, 2020 @ 23:58:58.067 2020-06-07 23:58:48,480 88900 [http-nio-9090-exec-2] INFO c.d.l.e.web.HotelController - Brand: RADISSON
2020-06-07 23:58:49,297 88900 [http-nio-9090-exec-3] INFO c.d.l.e.web.HotelController - Brand: RADISSON
I hit my controller twice, but unfortunately, both logs got concatenated and shown against the same timestamp.我打了我的 controller 两次,但不幸的是,两个日志都连接起来并显示在相同的时间戳上。
Could someone please suggest?有人可以建议吗?
I did the same thing using json encoder and never faced any issues.我使用 json 编码器做了同样的事情,从未遇到任何问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.