这是我在/etc/logstash/conf.d/apachelog.conf中的conf文件(下面)...我没看到kibana中的索引
但是当我输入这个命令时它会起作用 / opt / logstash / bin / logstash -f /etc/logstash/conf.d/apachelog.conf 我在elasticsearch中看到了索引
我想在我重启服务时启动它,例如" service logstash start"
input {
file {
path => "/var/log/apache2/access.log"
type => "apache_log" # a type to identify those logs (will need this later)
start_position => "beginning"
sincedb_path => "/dev/null" #to clear since db
}
}
filter {
grok {
match=> { message => "%{COMBINEDAPACHELOG}" }
}
date {
locale => "en"
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
#stdout { }
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "mylogs"
}
}