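1) How do I run this configuration file once every minute? (I tried using schedule => "* * * * *" and sincedb_write_interval => "60 sec")
2) How do I keep a count of the lines accepted by the stmt? (I used count++ but it did not work)
Here is my configuration file: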
input
{
  generator { count => 1 }
  file
  {
    path => "C:/ELK-Stack/log files/SAPInterface.log"
    start_position => "beginning"
    sincedb_path => "C:\ELK-Stack\LG\logstash\data\plugins\inputs\file\.sincedb"
    sincedb_write_interval => "60 sec"
  }
}
filter
{
  grok
  {
    match => [
      "message",
      "%{TIMESTAMP_ISO8601:logsimestamp}%{SPACE}%{WORD:type}%{SPACE}\[%{DATA:ERROR}\]%{SPACE}%{INT:INT}:%{WORD:type2}%{SPACE}%{WORD:type3}%{SPACE}%{WORD:type4}"
    ]
  }
  if "_grokparsefailure" in [tags]
  {
    drop { }
  }
  if "2000023" in [INT]
  {
    mutate
    {
      add_tag => ["countthetimes"]
      count++
    }
  }
}
output
{
  stdout
  {
    codec => json_lines
  }
  elasticsearch
  {
    hosts => ["localhost:9200"]
    index => "cs_00000000000000"
  }
}
The expected output is the count, with this configuration file running automatically every minute.