# Syslog-style receivers: the same port is opened for both transports so senders may
# use either; every event is stamped type => syslog for the filter stage.
# NOTE(review): neither input sets `host`, so (per the plugin defaults) both listen on
# all interfaces, and the tcp input has no `ssl_enable`, so frames cross the wire in
# clear text. Restrict the bind address and/or enable TLS on tcp where the collector
# is reachable from untrusted networks.
input {
  tcp { port => 5000  type => syslog }
  udp { port => 5000  type => syslog }
}
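filter {
  # Expected frame on the syslog inputs: "seg0|!seg1|!seg2|!<json>".  The four
  # "|!"-separated segments are copied into field1..field4 and field4 is parsed as JSON.
  mutate {
    split => ["message", "|!"]
  }
  # Decorate only when all four segments exist: a %{[message][N]} reference that cannot
  # be resolved is otherwise stored as the literal placeholder text, and the json filter
  # would then be handed the string "%{[message][3]}".
  if [message][3] {
    mutate {
      add_field => {
        "field1" => "%{[message][0]}"
        "field2" => "%{[message][1]}"
        "field3" => "%{[message][2]}"
        "field4" => "%{[message][3]}"
      }
    }
    # NOTE(review): with no `target`, every key of the network-supplied JSON is merged
    # into the event root and can overwrite host/type/@timestamp or the fields above.
    # Adding `target => "payload"` closes that, but changes the event shape for
    # consumers, so it is left as a recommendation here.
    json {
      source         => "field4"
      tag_on_failure => ["_jsonparsefailure"]
    }
  } else {
    # Short or unframed messages are tagged instead of producing garbage fields.
    mutate {
      add_tag => ["_framingfailure"]
    }
  }
}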
# Debug output only: print the processed events to the console in Ruby-debug form.
output {
  stdout { codec => rubydebug }
}
# CEF receiver over UDP; events are typed "ceshi" (test).
# NOTE(review): 443 is a privileged port - a Logstash process running as an
# unprivileged user needs CAP_NET_BIND_SERVICE (or a port >= 1024) to bind it - and it
# is the conventional HTTPS port, which may confuse firewall rules.  Bare UDP also gives
# the CEF stream no integrity or confidentiality; senders should be restricted at the
# network layer.
input {
  udp {
    port  => 443
    codec => cef
    type  => ceshi
  }
}
# Index into Elasticsearch using a custom index template, and mirror events to stdout.
# NOTE(review): the connection is plain HTTP with no `user`/`password`/`ssl` options,
# so it relies entirely on network isolation of the cluster.
# `document_type` is a legacy (deprecated) setting; ES 7+ supports a single type.
# `template_overwrite => true` re-pushes the on-disk template over the cluster-side
# copy on every pipeline start - deliberate here, but keep the file under change control.
output {
  elasticsearch {
    hosts              => ["192.168.40.100:9200"]
    index              => "test_index"
    document_type      => "repo"
    manage_template    => true
    template_name      => "test_template"
    template_overwrite => true
    template           => "/etc/logstash/conf.d/template/test_template.json"
  }
  stdout {}
}
# Template: replace "xxx" with the listening port.  Both transports share the port and
# every event is typed syslog.
# NOTE(review): no `host` is set (all interfaces by plugin default) and the tcp input
# has no `ssl_enable`; restrict the bind address or enable TLS where the collector is
# exposed to untrusted networks.
input {
  tcp { port => xxx  type => syslog }
  udp { port => xxx  type => syslog }
}
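filter {
  # Expected frame: "hdr|!seg1|!seg2|!<json>".  The four "|!"-separated segments are
  # copied into aaa/bbb/ccc/ddd, ddd is parsed as JSON, a send_time is cut out of the
  # header, and the scratch fields plus the raw message are dropped at the end.
  mutate {
    split => ["message", "|!"]
  }
  # Decorate only when all four segments exist: an unresolvable %{[message][N]}
  # reference is otherwise stored as the literal placeholder text, which the json
  # filter and the "]: " split below would then operate on.
  if [message][3] {
    mutate {
      add_field => {
        "aaa" => "%{[message][0]}"
        "bbb" => "%{[message][1]}"
        "ccc" => "%{[message][2]}"
        "ddd" => "%{[message][3]}"
      }
    }
    # NOTE(review): with no `target`, every key of the network-supplied JSON is merged
    # into the event root and can overwrite host/type/@timestamp or aaa..ddd.  Adding
    # `target => "payload"` closes that but changes the indexed document shape, so it
    # is left as a recommendation here.
    json {
      source         => "ddd"
      tag_on_failure => ["_jsonparsefailure"]
    }
    # The header segment is assumed to end in "]: " (syslog "prog[pid]: " style - TODO
    # confirm against a real sender); whatever follows it is taken as the send time.
    mutate {
      split => ["aaa", "]: "]
    }
    if [aaa][1] {
      mutate {
        add_field => { "send_time" => "%{[aaa][1]}" }
      }
    }
  } else {
    # Short or unframed messages are tagged instead of producing garbage fields.
    mutate {
      add_tag => ["_framingfailure"]
    }
  }
  # Scratch fields and the raw frame are not indexed.
  mutate {
    remove_field => ["aaa", "message", "ddd"]
  }
}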
# Template: replace "yyyy" with the Elasticsearch host(s) and "zzzz" with the index.
# `manage_template => true` with no `template` path pushes the plugin's built-in
# default template.
# NOTE(review): plain HTTP with no `user`/`password`/`ssl` options; `document_type`
# is a legacy (deprecated) setting and ES 7+ supports a single type.
output {
  elasticsearch {
    hosts           => ["yyyy"]
    index           => "zzzz"
    document_type   => "repo"
    manage_template => true
  }
  stdout {}
}
# Console-only output in Ruby-debug form (handy when testing a pipeline).
output {
  stdout { codec => rubydebug }
}
# Read every document of index "bbb" back out of Elasticsearch (match_all query), e.g.
# for the CSV export below.  Replace "aaaa" with the host.
# `docinfo => true` makes the document's index/type/id available on the event (by
# default under [@metadata]) so an output can reference them.
# NOTE(review): no `user`/`password`/`ssl` options - plain, unauthenticated HTTP.
input {
  elasticsearch {
    hosts   => "aaaa"
    index   => "bbb"
    query   => '{"query": {"bool": {"must": [{"match_all": { }}]}}}'
    docinfo => true
  }
}
# Write the listed fields (placeholders "字段1".. = field1..) as CSV columns, in this
# order, to a file relative to Logstash's working directory (placeholder name =
# "exported-file-name.csv").
# NOTE(review): values are written as-is; a cell beginning with =, +, - or @ is executed
# as a formula by spreadsheet applications ("CSV injection") if the export is opened
# in one, so sanitise such fields upstream when the data is user-supplied.
output {
  csv {
    fields => ["字段1","字段2","字段3"]
    path   => "./導出的文件名稱.csv"
  }
}
output {
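# Insert three event fields into a MySQL table through the jdbc output.
# Placeholders: IP地址:端口 = host:port, 數據庫名 = database, 用戶名 = user, 密碼 = password.
jdbc {
  driver_jar_path => "/data/ats/logstash-6.1.2/vendor/jdbc/mysql-connector-java-5.1.48/mysql-connector-java-5.1.48-bin.jar"
  driver_class    => "com.mysql.jdbc.Driver"
  # Credentials go through the plugin's own options instead of the JDBC URL: the URL is
  # plain text wherever the pipeline config is echoed (e.g. --config.debug), whereas the
  # password option is a masked setting.
  # NOTE(review): useSSL=false sends the credentials and every row in clear text; switch
  # to useSSL=true&requireSSL=true&verifyServerCertificate=true once the server has a
  # certificate.
  connection_string => "jdbc:mysql://IP地址:端口/數據庫名?useSSL=false&characterEncoding=UTF-8"
  username          => "用戶名"
  password          => "密碼"
  # Parameterised statement: the three fields are bound to the "?" placeholders and are
  # never interpolated into the SQL text.
  statement => [ "INSERT INTO tabble(field1 ,field2 ,field3) VALUES(? ,? ,?)", "field1" ,"field2" ,"field3" ]
}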
http://doc.yonyoucloud.com/doc/logstash-best-practice-cn/input/stdin.html