Logstash output to custom index if file path is "/file/path"
Here is my working Logstash config:

    output {
      if [@metadata][pipeline] {
        elasticsearch {
          hosts => ["localhost:9200"]
          manage_template => false
          index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
          pipeline => "%{[@metadata][pipeline]}"
          user => some_user
          password => pass_4_some_user
        }
      } else {
        elasticsearch {
          hosts => ["localhost:9200"]
          manage_template => false
          index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
          user => some_user
          password => pass_4_some_user
        }
      }
    }

If the file path equals /file/path, I need the index to be test_file_index-%{+YYYY.MM.dd}.

My new config file:

    output {
      if "/file/path" in [@file][path] {
        elasticsearch {
          hosts => ["localhost:9200"]
          index => "test_file_index-%{+YYYY.MM.dd}"
          user => some_user
          password => pass_4_some_user
        }
      } else {
        if [@metadata][pipeline] {
          elasticsearch {
            hosts => ["localhost:9200"]
            manage_template => false
            index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            pipeline => "%{[@metadata][pipeline]}"
            user => some_user
            password => pass_4_some_user
          }
        } else {
          elasticsearch {
            hosts => ["localhost:9200"]
            manage_template => false
            index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            user => some_user
            password => pass_4_some_user
          }
        }
      }
    }
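
It does not work correctly. Does anyone know the right way to do this?

I think the condition should be

    if "/file/path" in [path] {

since the file input stores the file path in the path field, not in @file.path.

    output {
      if [log][file][path] == "/full/file/path" {
        elasticsearch {
          hosts => ["localhost:9200"]
          ...

This one worked for me.
If anyone cares )))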
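
The following is an added example, not code from any of the posts above: it puts the `[log][file][path]` condition that worked together with the question's two original branches, and adds a temporary debug output for checking which field actually holds the file path. The `${ES_PWD}` reference assumes a secret of that name has been added to the Logstash keystore or exported as an environment variable; that name is hypothetical.

```logstash
output {
  # Temporary: print every event, including @metadata, so you can see
  # which field carries the source path. Remove once routing is confirmed.
  stdout { codec => rubydebug { metadata => true } }

  # Events shipped by Beats carry the path in [log][file][path]; per the
  # first answer, the file input stores it in [path], so swap the field
  # name if that is your source.
  # "==" is an exact match. `"/file/path" in [field]` on a string field
  # is a substring test and would also route e.g. "/file/path.old" or
  # "/backup/file/path" into this index.
  if [log][file][path] == "/file/path" {
    elasticsearch {
      hosts    => ["localhost:9200"]
      index    => "test_file_index-%{+YYYY.MM.dd}"
      user     => "some_user"
      password => "${ES_PWD}"   # assumption: hypothetical keystore/env entry
    }
  } else if [@metadata][pipeline] {
    elasticsearch {
      hosts           => ["localhost:9200"]
      manage_template => false
      index           => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      pipeline        => "%{[@metadata][pipeline]}"
      user            => "some_user"
      password        => "${ES_PWD}"
    }
  } else {
    elasticsearch {
      hosts           => ["localhost:9200"]
      manage_template => false
      index           => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      user            => "some_user"
      password        => "${ES_PWD}"
    }
  }
}
```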