logstash写入到kafka和从kafka读取日志

logstash写入到kafka和从kafka读取日志 2022-08-31 1088

收集nginx日志放到kafka

修改nginx日志格式：[nginx日志格式修改](https://blog.51cto.com/9025736/2373483)
input {
  file {
    type => "nginx-access"
    path => "/data/wwwlogs/access_nginx.log"
    start_position => "beginning"
    codec => json
 }

file {
   path => "/var/log/messages"
   start_position => "beginning"
   type => "system-log-252"
    }
   }
 }
output {
    if [type] == "nginx-access" {
kafka {
    bootstrap_servers => "192.168.1.252:9092" #kafka服务器地址
    topic_id => "252nginx-accesslog"
    batch_size => 5
    codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式
      }
      } 
                }
  if [type] == "system-log-252" {
 kafka {
  bootstrap_servers => "192.168.1.252:9092"
  topic_id => "system-log-252"
  batch_size => 5
  codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式
             }
                 }
     }
}

配置logstash从kafka读取日志

input {
  kafka {
     bootstrap_servers => "192.168.1.252:9092" #kafka服务器地址
     topics => "252nginx-accesslog"
     batch_size => 5
     codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式
     group_id => "252nginx-access-log" 
     consumer_threads => 1
     decorate_events => true 
  }
         kafka {
bootstrap_servers => "192.168.1.252:9092"
topics => "system-log-252"
consumer_threads => 1
decorate_events => true
codec => "json" 
}
}
output {
  if [type] == "252nginx-accesslo" {
  elasticsearch {
    hosts => ["192.168.1.252:9200"]
    index => "252nginx-accesslog-%{+YYYY.MM.dd}"
  }}
          if [type] == "system-log-252" {
 elasticsearch {
   hosts => ["192.168.1.252:9200"]
   index => "system-log-1512-%{+YYYY.MM.dd}"
 }
}

收集nginx日志放到kafka 修改nginx日志格式：[nginx日志格式修改](https://blog.51cto.com/9025736/2373483) input { file { type => "nginx-access" path => "/data/wwwlogs/access_nginx.log" start_position => "beginning" codec => json } file { path => "/var/log/messages" start_position => "beginning" type => "system-log-252" } } } output { if [type] == "nginx-access" { kafka { bootstrap_servers => "192.168.1.252:9092" #kafka服务器地址 topic_id => "252nginx-accesslog" batch_size => 5 codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式 } } } if [type] == "system-log-252" { kafka { bootstrap_servers => "192.168.1.252:9092" topic_id => "system-log-252" batch_size => 5 codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式 } } } } 配置logstash从kafka读取日志 input { kafka { bootstrap_servers => "192.168.1.252:9092" #kafka服务器地址 topics => "252nginx-accesslog" batch_size => 5 codec => "json" #写入的时候使用json编码，因为logstash收集后会转换成json格式 group_id => "252nginx-access-log" consumer_threads => 1 decorate_events => true } kafka { bootstrap_servers => "192.168.1.252:9092" topics => "system-log-252" consumer_threads => 1 decorate_events => true codec => "json" } } output { if [type] == "252nginx-accesslo" { elasticsearch { hosts => ["192.168.1.252:9200"] index => "252nginx-accesslog-%{+YYYY.MM.dd}" }} if [type] == "system-log-252" { elasticsearch { hosts => ["192.168.1.252:9200"] index => "system-log-1512-%{+YYYY.MM.dd}" } }

文章来自:IT技术分享网
分享地址:http://www.5ityx.cn/cate112/148846.html

上一篇： JS实现多线程数据分片下载

下一篇：过拟合和欠拟合的形象解释

logstash写入到kafka和从kafka读取日志

收集nginx日志放到kafka

配置logstash从kafka读取日志

logstash写入到kafka和从kafka读取日志 相关内容

聚合标签

logstash写入到kafka和从kafka读取日志相关内容