[root@10-19-148-59 etc]# vim front_esb.conf
input {
beats {
type => beats
port => 5077
}
}
filter {
if [type] == 'test-front' {
grok {
overwrite => ['message']
}
}
if [type] == 'test-esb' {
grok {
overwrite => ['message']
}
}
}
output {
if [type] == 'test-front' {
elasticsearch {
hosts => ["10.19.148.59:9200"]
index => "test-front-%{+YYYY.MM.dd}"
}
}
if [type] == 'test-esb' {
elasticsearch {
hosts => ["10.19.148.59:9200"]
index => "test-esb-%{+YYYY.MM.dd}"
}
}
}
我这里的日志采集用的是filebeat 来采集日志的