I am able to create indexes using logstash.conf. My input type is gelf. I am sending Logstash logs to Kibana. Here is my logstash.conf:
    input {
      gelf { }
    }
    output {
      stdout { codec => rubydebug }
      elasticsearch {
        hosts => ["elk.lera.com:80"]
        index => "templeton-math-%{+YYYY.MM.dd}"
      }
      elasticsearch {
        hosts => ["elk.lera.com:80"]
        index => "templeton-science-%{+YYYY.MM.dd}"
      }
      elasticsearch {
        hosts => ["elk.lera.com:80"]
        index => "templeton-bio-%{+YYYY.MM.dd}"
      }
      elasticsearch {
        hosts => ["elk.lera.com:80"]
        index => "templeton-lang-%{+YYYY.MM.dd}"
      }
    }
Issue: logs are now being sent to all indexes. I want to send logs to their respective index.

I added something like:
    if[tag] == "templeton-math"{
      elasticsearch {
        hosts => ["elk.lera.com:80"]
        index => "templeton-math-%{+YYYY.MM.dd}"
      }
    }
This gives an error:

    INFO logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"67f7a48e-fc7c-499b-85a0-3fd6979f88f6", :path=>"/var/lib/logstash/uuid"}
    14:58:14.308 [LogStash::Runner] ERROR logstash.agent - Cannot create pipeline {:reason=>"Expected one of #, => at line 22, column 9 (byte 179) after output\n\n{\n\n elasticsearch {\n hosts"}
    2017-10-11 14:58:14,355 Api Webserver ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console.
Answer 0: (score: 0)

Try this.
    output {
      stdout { codec => rubydebug }
      if [tag] == "templeton-math" {
        elasticsearch {
          hosts => ["elk.lera.com:80"]
          index => "templeton-math-%{+YYYY.MM.dd}"
        }
      }
      if [tag] == "templeton-science" {
        elasticsearch {
          hosts => ["elk.lera.com:80"]
          index => "templeton-science-%{+YYYY.MM.dd}"
        }
      }
      if [tag] == "templeton-bio" {
        elasticsearch {
          hosts => ["elk.lera.com:80"]
          index => "templeton-bio-%{+YYYY.MM.dd}"
        }
      }
      if [tag] == "templeton-lang" {
        elasticsearch {
          hosts => ["elk.lera.com:80"]
          index => "templeton-lang-%{+YYYY.MM.dd}"
        }
      }
    }
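
The same routing with a single templated output, as an added example that is not part of the answer above. It assumes every event carries the `tag` field used on this page; the allow-list keeps a sender on the GELF input from choosing arbitrary index names, and `templeton-unrouted` is a hypothetical catch-all index name, not one from the page.

```logstash
output {
  stdout { codec => rubydebug }

  # Allow-list: only the four tags named on this page may select an index.
  if [tag] in ["templeton-math", "templeton-science", "templeton-bio", "templeton-lang"] {
    elasticsearch {
      hosts => ["elk.lera.com:80"]
      # sprintf field reference: the event's own tag picks the daily index
      index => "%{tag}-%{+YYYY.MM.dd}"
    }
  } else {
    # Missing or unexpected tag: keep the event, but in one fixed index
    # ("templeton-unrouted" is a hypothetical name, not from the page).
    elasticsearch {
      hosts => ["elk.lera.com:80"]
      index => "templeton-unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```

Without the `if` guard, `%{tag}` would let any value arriving on the input create a new index, and events with no `tag` field would land in an index literally named `%{tag}-...`.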