
Logstash: filter logs and send them to different Elasticsearch clusters


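Let's say I have a stack like this: logstash-forwarder -> logstash -> elasticsearch -> kibana

I wonder whether it is possible to monitor a whole directory with logstash-forwarder and send the logs to different elasticsearch clusters based on filters. Use case:

I have some programs that print logs into the same directory. These logs may contain two types of messages: private messages or debug messages. Again, these messages can appear in the same log file. I know it is possible to assign different types to certain files and filter them with if to get different outputs. What I don't know is what you can do when a given log can contain more than one type of log message.

Is there a way to split them? I want to restrict access to log messages with private information to certain users, and I thought of two different elasticsearch clusters, each with its own Kibana and LDAP.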


BR

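Have your filters add a new field based on the message content, and use that field to decide which output the message should go to.

Event flow:

logstash-forwarder --> broker ---> logstash-indexer | --> elasticsearch public
                                                    | --> elasticsearch private

Pseudo-config: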

input { 
    # broker input
}

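filter {

    # structure message
    grok {}

    # classify each event by content; add_field has to sit inside a
    # filter plugin such as mutate, not in a nested filter block
    if [action] == "login" {
        mutate { add_field => { "privacy" => "private" } }
    } else {
        mutate { add_field => { "privacy" => "public" } }
    }
}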

output {
    if [privacy] == "private" {
        elasticsearch { 
            # private elasticsearch instance
        }
    }

    if [privacy] == "public" {
        elasticsearch { 
            # public elasticsearch instance
        }
    }

}
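
A fail-closed variant of the routing above, as an added example that is not part of the original answer: in the pseudo-config, an event whose `action` was never extracted (for instance because grok failed) falls into the `else` branch and is labelled public. The grok pattern, the allowlisted action names and the host names below are assumptions for illustration.

```logstash
filter {
    # Assumed log line shape (constructed): "<ISO8601 timestamp> <action> <free text>"
    grok {
        match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{WORD:action} %{GREEDYDATA:detail}" }
    }

    # Fail closed: every event starts out as private.
    mutate { add_field => { "privacy" => "private" } }

    # Downgrade to public only on a positive match against an allowlist
    # (hypothetical action names), and never when parsing failed.
    if "_grokparsefailure" not in [tags] and [action] in ["debug", "heartbeat"] {
        mutate { replace => { "privacy" => "public" } }
    }
}

output {
    if [privacy] == "public" {
        elasticsearch {
            hosts => ["https://es-public.example.internal:9200"]    # placeholder host
        }
    } else {
        # Anything not explicitly public, including events with a missing or
        # unexpected privacy value, goes to the restricted cluster.
        elasticsearch {
            hosts => ["https://es-private.example.internal:9200"]   # placeholder host
        }
    }
}
```

With `if`/`else` in the output section every event reaches exactly one cluster, so an unclassified event is neither dropped nor exposed on the public side.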


Thank you, Frank. Works like a charm!