这是我第一次使用ELK,并且对日志集成有疑问。
我成功将日志从nginx.log和uwsgi.log文件获取到ELK。我在file.conf目录中使用了一些/logstash。现在,我想将postgreSQL日志文件添加到ELK。
使用syslog,postgreSQL日志文件如下所示:
1-来自postgreSQL文件的日志如下:
Feb 5 16:09:58 my_server postgres[79853]: [72-1] ERROR: relation "app_entrytherapeuticclasslabelled" already exists
Feb 5 16:09:58 my_server postgres[79853]: [72-2] STATEMENT: CREATE TABLE app_entrytherapeuticclasslabelled (
Feb 5 16:09:58 my_server postgres[79853]: [72-3] id integer NOT NULL,
Feb 5 16:09:58 my_server postgres[79853]: [72-4] entry_id integer NOT NULL,
Feb 5 16:09:58 my_server postgres[79853]: [72-5] name_id integer
Feb 5 16:09:58 my_server postgres[79853]: [72-6] );
1-我创建了一个名为30-postgres.conf
input {
file {
type => "postgres"
path => "/var/log/messages*"
}
}
filter {
grok {
}
mutate {
}
date {
}
useragent {
}
geoip {
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "logstash-postgres-%{+YYYY.MM}"
}
}
如何填充30-postgres.conf以便考虑我的messages.* logs files?