如何使用Logstash输出将错误日志的计数发送到zabbix?
我是个新手。目前我有一个logstash.conf文件,它将错误日志发送到zabbix项。 我已经应用了一个定制的grok过滤器来查找ERROR | ERROR | ERROR关键字,并基于此将输出重定向到zabbix项。 但是,我希望logstash在筛选结果计算为true时发送一个增量计数器,而不是简单地发送相应的日志。 我怎样才能做到这一点 下面是我正在使用的日志文件的片段如何使用Logstash输出将错误日志的计数发送到zabbix?,logstash,zabbix,Logstash,Zabbix,我是个新手。目前我有一个logstash.conf文件,它将错误日志发送到zabbix项。 我已经应用了一个定制的grok过滤器来查找ERROR | ERROR | ERROR关键字,并基于此将输出重定向到zabbix项。 但是,我希望logstash在筛选结果计算为true时发送一个增量计数器,而不是简单地发送相应的日志。 我怎样才能做到这一点 下面是我正在使用的日志文件的片段 input { file { path => "/root/samp
input {
file {
path => "/root/sample.log"
type => "string"
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
mutate {
add_field => { "[@metadata][error]" => "error" }
add_field => { "[@metadata][counter]" => "1" }
add_field => { "myhost" => "logstash" }
}
if "grokked" not in [tags] {
grok {
patterns_dir => ["/root/logstash-5.5.0/pattern"]
match => { "message" => "%{ERROR:log_level}" }
add_tag => ["ERROR", "grokked"]
}
}
}
output {
stdout { codec => rubydebug }
if "ERROR" in [tags]{
zabbix
{
zabbix_server_host => "192.168.56.102"
zabbix_host => "myhost"
zabbix_key => "[@metadata][error]"
#zabbix_value => "[@metadata][counter]"
}
这样,您将有一个名为error\u count的字段,其时间数
error消息中这就是我的做法,最后:
input {
file {
path => "/root/sample.log"
type => "string"
}
}
filter {
if "grokked" not in [tags]
{
grok {
patterns_dir => ["/root/logstash-5.5.0/pattern"]
match => { "message" => "%{ERROR:log_level}" }
add_tag => ["ERROR", "grokked"]
add_field => { "[@metadata][myhost]" => "logstash" }
add_field => { "[@metadata][error]" => "error" }
add_field => { "zabbix_message" => "The following has been detected in code:: %{message}"}
}
}
if "ERROR" in [tags]{
metrics {
meter => "error"
add_tag => "metric"
add_field => { "[@metadata][myhost]" => "logstash" }
add_field => { "[@metadata][error]" => "error" }
flush_interval => 30
#clear_interval => 60
add_field => { "zabbix_message" => "The current Error count is: %{[error][count]}" }
}
}
}
output
{
#stdout { codec => rubydebug }
if "metric" in [tags]{
zabbix
{
zabbix_server_host => "192.168.56.102"
zabbix_key => "[@metadata][error]"
zabbix_host => "[@metadata][myhost]"
zabbix_value => "zabbix_message"
}
}
if "ERROR" in [tags]{
zabbix
{
zabbix_server_host => "192.168.56.102"
zabbix_key => "[@metadata][error]"
zabbix_host => "[@metadata][myhost]"
zabbix_value => "zabbix_message"
}
}
}
我还创建了一个自定义模式文件以匹配模式:
/root/logstash-5.5.0/pattern
模式文件的内容包括:
错误(错误|错误|错误)
input {
file {
path => "/root/sample.log"
type => "string"
}
}
filter {
if "grokked" not in [tags]
{
grok {
patterns_dir => ["/root/logstash-5.5.0/pattern"]
match => { "message" => "%{ERROR:log_level}" }
add_tag => ["ERROR", "grokked"]
add_field => { "[@metadata][myhost]" => "logstash" }
add_field => { "[@metadata][error]" => "error" }
add_field => { "zabbix_message" => "The following has been detected in code:: %{message}"}
}
}
if "ERROR" in [tags]{
metrics {
meter => "error"
add_tag => "metric"
add_field => { "[@metadata][myhost]" => "logstash" }
add_field => { "[@metadata][error]" => "error" }
flush_interval => 30
#clear_interval => 60
add_field => { "zabbix_message" => "The current Error count is: %{[error][count]}" }
}
}
}
output
{
#stdout { codec => rubydebug }
if "metric" in [tags]{
zabbix
{
zabbix_server_host => "192.168.56.102"
zabbix_key => "[@metadata][error]"
zabbix_host => "[@metadata][myhost]"
zabbix_value => "zabbix_message"
}
}
if "ERROR" in [tags]{
zabbix
{
zabbix_server_host => "192.168.56.102"
zabbix_key => "[@metadata][error]"
zabbix_host => "[@metadata][myhost]"
zabbix_value => "zabbix_message"
}
}
}