- elasticsearch/
elasticsearch 如何为多个日志文件修改td代理文件
elasticsearch 如何为多个日志文件修改td代理文件
我有一个服务器,它正在做一些与网络中其他设备相关的处理,然后相应地将每个设备的日志保存在自己的文件中。它检查每个设备及其数据的运行状况,并将其保存在json日志文件中。日志文件如下所示:
rp_001_health.json -> health logs for 001 device
rp_001_prod.json -> production logs for 001 device
rp_002_health.json -> health logs for 002 device
rp_002_prod.json -> production logs for 002 device
rp_003_health.json -> health logs for 003 device
rp_003_prod.json -> production logs for 003 device
rp_004_health.json -> production logs for 004 device
rp_004_prod.json -> production logs for 004 device
<source>
@type tail
path /home/ripe/Documents/ripeproduct/logs/rp_001_health.json
pos_file /home/ripe/Documents/ripeproduct/logs/rp_001_health.json.pos
format json
time_format %Y-%m-%d %H:%M:%S
tag health001
</source>
<source>
@type tail
path /home/ripe/Documents/ripeproduct/logs/rp_002_health.json
pos_file /home/ripe/Documents/ripeproduct/logs/rp_002_health.json.pos
format json
time_format %Y-%m-%d %H:%M:%S
tag health002
</source>
<filter *health*>
@type record_transformer
<record>
hostname ${hostname}
Customer "Nycil"
Version "V2"
</record>
</filter>
<match *health001*>
@type elasticsearch
hosts https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
user <user>
password <pwd>
index_name rp_health_001
type_name health
</match>
<match *health002*>
@type elasticsearch
hosts https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
user <user>
password <pwd>
index_name rp_health_002
type_name health
</match>
elasticsearchkibanatd-agenttd-agent.confrp_001_health.json -> health logs for 001 device
rp_001_prod.json -> production logs for 001 device
rp_002_health.json -> health logs for 002 device
rp_002_prod.json -> production logs for 002 device
rp_003_health.json -> health logs for 003 device
rp_003_prod.json -> production logs for 003 device
rp_004_health.json -> production logs for 004 device
rp_004_prod.json -> production logs for 004 device
<source>
@type tail
path /home/ripe/Documents/ripeproduct/logs/rp_001_health.json
pos_file /home/ripe/Documents/ripeproduct/logs/rp_001_health.json.pos
format json
time_format %Y-%m-%d %H:%M:%S
tag health001
</source>
<source>
@type tail
path /home/ripe/Documents/ripeproduct/logs/rp_002_health.json
pos_file /home/ripe/Documents/ripeproduct/logs/rp_002_health.json.pos
format json
time_format %Y-%m-%d %H:%M:%S
tag health002
</source>
<filter *health*>
@type record_transformer
<record>
hostname ${hostname}
Customer "Nycil"
Version "V2"
</record>
</filter>
<match *health001*>
@type elasticsearch
hosts https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
user <user>
password <pwd>
index_name rp_health_001
type_name health
</match>
<match *health002*>
@type elasticsearch
hosts https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
user <user>
password <pwd>
index_name rp_health_002
type_name health
</match>
@型尾
path/home/ripe/Documents/ripeproduct/logs/rp_001_health.json
pos_文件/home/ripe/Documents/ripeproduct/logs/rp_001_health.json.pos
格式json
时间\u格式%Y-%m-%d%H:%m:%S
标签health001
@型尾
path/home/ripe/Documents/ripeproduct/logs/rp_002_health.json
pos_文件/home/ripe/Documents/ripeproduct/logs/rp_002_health.json.pos
格式json
时间\u格式%Y-%m-%d%H:%m:%S
标签health002
@型记录变压器
主机名${hostname}
客户“Nycil”
版本“V2”
@类型弹性搜索
主人https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
使用者
密码
索引\u名称rp\u健康\u 001
键入\u名称健康状况
@类型弹性搜索
主人https://search-rpproduction-0fzlamandaofgvfcukuoyewkrtfkkw2vre.eu-west-2.es.amazonaws.com/
使用者
密码
索引\u名称rp\u健康\u 002
键入\u名称健康状况
rp_health_<device_id> -> rp_health_001 or rp_health_002
rp\u health->rp\u health\u 001或rp\u health\u 002