- elasticsearch/
elasticsearch 如何为elk堆栈中存储的日志设置日志级别
elasticsearch 如何为elk堆栈中存储的日志设置日志级别
是否可以提高ELK堆栈上存储的日志的日志级别?现在我发现所有日志级别都存储在我的elk堆栈中,我只希望那些警告和错误日志存储在堆栈中,如何做到这一点?我想您正在寻找logstash drop filter,它允许您根据一些标准过滤日志,例如调试、信息等。从文档中,过滤器可能如下所示:
filter {
if [loglevel] == "debug" {
drop { }
}
}
{
"message" => "WARN | 2008-09-06 10:51:44,848 | AbstractBeanDefinitionReader.java | 185 | Loaded 5 bean definitions from location pattern [samContext.xml]",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.897Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,848 | BeansDtdResolver.java | 72 | Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.898Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,864 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.899Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
如果您有一个日志文件test.log,如下所示:
DEBUG | 2008-09-06 10:51:44,817 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions
WARN | 2008-09-06 10:51:44,848 | AbstractBeanDefinitionReader.java | 185 | Loaded 5 bean definitions from location pattern [samContext.xml]
INFO | 2008-09-06 10:51:44,848 | XmlBeanDefinitionReader.java | 323 | Loading XML bean definitions from class path resource [tmfContext.xml]
DEBUG | 2008-09-06 10:51:44,848 | DefaultDocumentLoader.java | 72 | Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
ERROR | 2008-09-06 10:51:44,848 | BeansDtdResolver.java | 72 | Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd
ERROR | 2008-09-06 10:51:44,864 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions
DEBUG | 2008-09-06 10:51:45,458 | AbstractAutowireCapableBeanFactory.java | 411 | Finished creating instance of bean 'MS-SQL'
input {
file {
path => "/your/path/test.log"
sincedb_path => "/your/path/test.idx"
start_position => "beginning"
}
}
filter {
if [message] =~ "WARN" or [message] =~ "ERROR" {
} else {
drop {}
}
}
output {
stdout {
codec => rubydebug
}
}
filter {
if [loglevel] == "debug" {
drop { }
}
}
{
"message" => "WARN | 2008-09-06 10:51:44,848 | AbstractBeanDefinitionReader.java | 185 | Loaded 5 bean definitions from location pattern [samContext.xml]",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.897Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,848 | BeansDtdResolver.java | 72 | Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.898Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,864 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.899Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}