input {
file {
type => "erp_log"
path => "/var/log/nginx/catalina.out"
start_position => "beginning"
codec => multiline {
pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND})"
negate => true
what => "previous"
}
}
}
output {
redis {
port => 6379
host => ["192.168.10.214"]
data_type => "list"
key => "erp-%{type}"
}
stdout {
codec => rubydebug
}
}注:negate => true:選項來指定任何不是以時間戳開始的行屬於前行,也就是不匹配pattern的行都屬於前行的內容的一部分。