logstash conf example

Server Basics 2017. 10. 13. 16:33

# this is for logstash configuration
input {
  beats {
    port => 5044
  }
}

filter {
  # split each line into timestamp, [log_level], url and a trailing payload
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:timestamp} \[%{DATA:log_level}\] %{DATA:url} (?<content>(.)*)"
    }
  }

  if "_grokparsefailure" not in [tags] {
    if [content] {
      # parse the payload as JSON; with no target set, parsed keys are written at the event root
      json {
        source => "content"
      }

      if [dest] == "mongo" {
        mutate {
          add_field => {"logType" => "query"}
        }
      }
      else {
        mutate {
          add_field => {"logType" => "log"}
        }
      }
    }

    mutate {
      remove_field => [ "content", "message", "tags"]
      # strip the ",123" millisecond part from the timestamp
      gsub => ["timestamp", ",[0-9]+", ""]
    }
  }
  else {
    mutate {
      add_field => {"logType" => "else"}
    }
  }
}

output {
  if [logType] == "query" { # this is for query log
    mongodb {
      collection => "log"
      database => "gamedb"
      uri => "mongodb://"
      codec => json
      isodate => true
    }
  }
  else if [logType] == "log" and [log_level] == "INFO" {
    s3 {
      access_key_id => ""
      secret_access_key => ""
      region => "us-east-1"
      prefix => "%{+YYYY/MM/dd}/"
      bucket => ""
      size_file => 100000 # size: bytes, 100000 = 100kbytes
      time_file => 5 # minutes
      codec => "json_lines"
    }
  }

  # every event, including grok failures, is also sent to elasticsearch
  elasticsearch {
    hosts => ["search.~~.es.aws.com:80"]
  }
}
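To check which output a given log line reaches, the filter and output conditionals above can be replayed offline. The following Python sketch is an added example, not part of the original post; its regex is a simplified stand-in for the grok pattern, the function names are hypothetical, and the sample lines are constructed.

```python
import json
import re

# Simplified stand-in for the grok pattern above: TIMESTAMP_ISO8601 narrowed to
# "YYYY-MM-DD HH:MM:SS[,ms]" and DATA written as ".*?".
LINE_RE = re.compile(r"(?P<timestamp>\d{4}-\d\d-\d\d[T ]\d\d:\d\d:\d\d(?:[.,]\d+)?) "
                     r"\[(?P<log_level>.*?)\] (?P<url>.*?) (?P<content>.*)")


def apply_filter(message):
    """Mirror the filter block: grok, json on content, logType, cleanup."""
    m = LINE_RE.search(message)  # grok is unanchored, like re.search
    if m is None:  # grok failure branch keeps the raw message and the tag
        return {"message": message, "tags": ["_grokparsefailure"], "logType": "else"}
    event = m.groupdict()
    content = event.pop("content")  # remove_field drops content (and message)
    if content:  # grok stores no empty captures, so `if [content]` is false
        try:
            parsed = json.loads(content)
        except ValueError:
            parsed = None  # the json filter tags _jsonparsefailure and moves on
        if isinstance(parsed, dict):
            # no `target`: keys land at the event root, replacing same-named fields
            event.update(parsed)
        event["logType"] = "query" if event.get("dest") == "mongo" else "log"
    if isinstance(event["timestamp"], str):  # gsub: strip ",123" milliseconds
        event["timestamp"] = re.sub(r",[0-9]+", "", event["timestamp"])
    return event


def outputs(event):
    """Mirror the output block: one conditional sink plus elasticsearch."""
    sinks = []
    if event.get("logType") == "query":
        sinks.append("mongodb")
    elif event.get("logType") == "log" and event.get("log_level") == "INFO":
        sinks.append("s3")
    return sinks + ["elasticsearch"]  # elasticsearch is unconditional


# Constructed sample lines (not from the original post).
SAMPLES = [
    '2017-10-13 16:33:00,123 [INFO] /api/user {"dest": "mongo", "op": "find"}',
    '2017-10-13 16:33:01,456 [INFO] /api/login {"user": "alice"}',
    '2017-10-13 16:33:02,789 [DEBUG] /api/login {"log_level": "INFO"}',
    "not a structured line",
]

for line in SAMPLES:
    print(outputs(apply_filter(line)), apply_filter(line))
```

The third sample shows a side effect of running `json` without `target`: a `log_level` key inside the payload replaces the value grok extracted, so the line is routed as INFO. Setting `target` on the json filter keeps parsed keys under their own field, at the cost of changing the `[dest]` check to reference that field.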



시간을 거스르는자

ytkang86@gmail.com
