从Logstash中的日志文件中过滤特定行 [英] Filtering specific lines from log file in logstash
问题描述
我无法从日志文件/var/log/messages中获取特定行.我在客户端服务器中使用logstash-forwarder,在日志服务器中使用logstash,elasticsearch和kibana.我尝试安装 grep 过滤器,但是它给了我一些错误,所以我尝试安装用grok在下面实现.我的原始帖子是此处.我发现了此,但是我非常不满意.
I am not able to get specific lines from logs file /var/log/messages. I am using logstash-forwarder in client-server and logstash, elasticsearch and kibana in log-server. I tried to install grep filter but it gives me some error so I try to implement below with grok. My original post is here . I found this but m quite unsatisfied.
以下是logstash-forwarder文件名的配置:客户端-服务器中的logstash-forwarder
Following is the configuration for logstash-forwarder file-name: logstash-forwarder in client-server
{
"network": {
"servers": [ "logstashserver-ip:5000" ],
"timeout": 15,
"ssl ca": "xxx.crt"
},
"files": [
{
"paths": [
"/var/log/messages"
],
"fields": { "type": "syslog" }
}
]
}
以下是logstashserver中的logstash配置
and following is the logstash configuration in logstashserver
文件名:input.conf
file-name:input.conf
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "xxx.crt"
ssl_key => "xxx.key"
}
}
文件名:filter.conf
file-name:filter.conf
filter {
grok {
match => ["message", "\[%{WORD:messagetype}\]: %{GREEDYDATA}"]
}
}
文件名:output.conf
file-name:output.conf
output {
elasticsearch { host => "logstashserver-ip" }
if [messagetype] == "ERROR" {
stdout {
codec => "rubydebug"
}
}
}
有什么问题吗?
推荐答案
不确定您是否仍然遇到此问题,但是我会考虑删除不需要的消息.在我的服务器上,我获得了syslog严重性级别,其中包括syslog_severity_code,如 http://en.wikipedia上所定义. org/wiki/Syslog#Severity_levels .
Not sure if you're still having this problem, but I'd look at dropping the messages you don't want. On my server, I get syslog severity levels which include syslog_severity_code as defined at http://en.wikipedia.org/wiki/Syslog#Severity_levels.
如果您要在索引中加入它们,请尝试类似
If you're getting them in your indices, try something like
filter {
if [type] == 'syslog' and [syslog_severity_code] > 5 {
drop { }
}
}
这篇关于从Logstash中的日志文件中过滤特定行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
