<pre name="code" class="html">[elk@dr-mysql01 tomcat]$ cat logstash_tomcat.conf

input {

        file {

                type => "zj_api"

                path => ["/data01/applog_backup/zjzc_log/zj-api*catalina*"]

        }

       file {

                type => "wj_api"

                path => ["/data01/applog_backup/winfae_log/wj-api*catalina*"]

        } 

}

 filter {

    multiline {

   pattern => "^\s+%{TIMESTAMP_ISO8601}"

  negate=>true

  what=>"previous"

 }

         mutate {

                       add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ]

                       add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ]

                }

    }

filter {

    grok {

        match => [ "message","(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]

     }

     date {

        match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]

    }

}

output {

         if ([Level]  == "ERROR" or [message] =~ "Exception" ) and [message] !~ "温金服务未连接" {

          zabbix {

		zabbix_host => "[@metadata][zabbix_host]"

		zabbix_key => "[@metadata][zabbix_key]"

        zabbix_server_host => "192.168.32.55"

        zabbix_server_port => "10051"

		zabbix_value => "message"

        }

       }

     if [type] == "zj_api" {

        redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "zj_api:redis"

                port=>"6379"

                password => "1234567"

        }

}

      else if [type] == "wj_api"{

       redis {

                host => "192.168.32.67"

                data_type => "list"

                key => "wj_api:redis"

                port=>"6379"

                password => "1234567"

        }

}

}