Introduction
While deploying another system, we ran into the need to process a large number of different logs. ELK was chosen as the tool. This article describes our experience configuring this stack.
We do not aim to describe all of its capabilities; we want to concentrate on solving practical problems. Despite the large amount of documentation and ready-made images, there are plenty of pitfalls. At least, we found them.
We deployed the stack via docker-compose. Moreover, we had a well-written docker-compose.yml that let us bring the stack up almost without problems. It seemed that victory was close: now we would tweak it a little to fit our needs and that would be it.
Unfortunately, our attempt to configure the system to receive and process logs from our application did not succeed right away. So we decided it was worth studying each component separately and then coming back to how they connect.
So, we started with logstash.
Environment, deployment, running Logstash in a container
For deployment we use docker-compose; the experiments described here were carried out on MacOS and Ubuntu 18.0.4.
The logstash image specified in our original docker-compose.yml is docker.elastic.co/logstash/logstash:6.3.2
We will use it for the experiments.
We wrote a separate docker-compose.yml to run logstash. Of course, the image could be started from the command line, but we were solving a specific task in which everything is run from docker-compose.
About the configuration files
As follows from the description, logstash can be run either for a single channel, in which case it needs to be given a *.conf file, or for several channels, in which case it needs to be given a pipelines.yml file, which in turn links to the .conf files for each channel.
We took the second route. It seemed more universal and scalable to us. So we created pipelines.yml and made a pipelines directory in which we put the .conf files for each channel.
Inside the container there is one more configuration file, logstash.yml. We do not touch it and use it as is.
So, our directory structure:
To receive input data, for now we assume it is tcp on port 5046, and for output we will use stdout.
Here is a simple configuration for the first run, because the initial task is just to get it started.
So, we have this docker-compose.yml
version: '3'
networks:
  elk:
volumes:
  elasticsearch:
    driver: local
services:
  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
What do we see here?
- The networks and volumes were taken from the original docker-compose.yml (the one that brings up the whole stack), and I think they do not much affect the overall picture here.
- We create one service (services) logstash from the docker.elastic.co/logstash/logstash:6.3.2 image and name it logstash_one_channel.
- We forward port 5046 into the container, to the same internal port.
- We map our pipeline configuration file ./config/pipelines.yml to the file /usr/share/logstash/config/pipelines.yml inside the container, where logstash will pick it up, and make it read-only, just in case.
- We map the ./config/pipelines directory, where we keep the channel configuration files, to the /usr/share/logstash/config/pipelines directory and also make it read-only.
The pipelines.yml file
- pipeline.id: HABR
  pipeline.workers: 1
  pipeline.batch.size: 1
  path.config: "./config/pipelines/habr_pipeline.conf"
One channel is described here, with the identifier HABR and the path to its configuration file.
And finally the file "./config/pipelines/habr_pipeline.conf"
input {
  tcp {
    port => "5046"
  }
}
filter {
  mutate {
    add_field => [ "habra_field", "Hello Habr" ]
  }
}
output {
  stdout {
  }
}
We will not go into its description for now; let's try to run it:
docker-compose up
What do we see?
The container has started. We can check that it works:
echo '13123123123123123123123213123213' | nc localhost 5046
And we see the response in the container console:
But at the same time, we also see:
logstash_one_channel | [2019-04-29T11:28:59,790][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch", ...
logstash_one_channel | [2019-04-29T11:28:59,894][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>".monitoring-logstash", :thread=>"# "}
logstash_one_channel | [2019-04-29T11:28:59,988][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:HABR, :".monitoring-logstash"], :non_running_pipelines=>[]}
logstash_one_channel | [2019-04-29T11:29:00,015][ERROR][logstash.inputs.metrics ] X-Pack is installed on Logstash but not on Elasticsearch. Please install X-Pack on Elasticsearch to use the monitoring feature. Other features may be available.
logstash_one_channel | [2019-04-29T11:29:00,526][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
logstash_one_channel | [2019-04-29T11:29:04,478][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash_one_channel | [2019-04-29T11:29:04,487][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"
logstash_one_channel | [2019-04-29T11:29:04,704][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash_one_channel | [2019-04-29T11:29:04,710][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"
And our log keeps crawling upward all the time.
Here I highlighted in green the message that the pipeline started successfully, in red the error message, and in yellow the message about an attempt to connect.
This happens because the logstash.conf included in the image contains a check for elasticsearch availability. After all, logstash assumes that it works as part of the Elk stack, but we separated it out.
You can work like this, but it is not convenient.
The solution is to disable this check via the XPACK_MONITORING_ENABLED environment variable.
Let's make the change in docker-compose.yml and run it again:
version: '3'
networks:
  elk:
volumes:
  elasticsearch:
    driver: local
services:
  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
Now everything is fine. The container is ready for experiments.
We can again type in the neighboring console:
echo '13123123123123123123123213123213' | nc localhost 5046
And see:
logstash_one_channel | {
logstash_one_channel | "message" => "13123123123123123123123213123213",
logstash_one_channel | "@timestamp" => 2019-04-29T11:43:44.582Z,
logstash_one_channel | "@version" => "1",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "host" => "gateway",
logstash_one_channel | "port" => 49418
logstash_one_channel | }
Working within a single channel
So, we are up and running. Now we can actually take the time to configure logstash itself. We will not touch the pipelines.yml file for now; let's see what we can get by working with one channel.
I must say that the general principle of working with the channel configuration file is well described in the official manual, here
If you want to read about it in Russian, we used this
Let's go in order, starting with the Input section. We have already seen how it works over TCP. What else is interesting here?
Test messages using heartbeat
There is an interesting option to generate automatic test messages.
To do this, you need to enable the heartbeat plugin in the input section.
input {
  heartbeat {
    message => "HeartBeat!"
  }
}
We turn it on and start receiving a message once a minute
logstash_one_channel | {
logstash_one_channel | "@timestamp" => 2019-04-29T13:52:04.567Z,
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "message" => "HeartBeat!",
logstash_one_channel | "@version" => "1",
logstash_one_channel | "host" => "a0667e5c57ec"
logstash_one_channel | }
If we want to receive them more often, we need to add the interval parameter.
This is how we get a message every 10 seconds.
input {
  heartbeat {
    message => "HeartBeat!"
    interval => 10
  }
}
Getting data from a file
We also decided to look at the file mode. If it works well with a file, then perhaps no agent is needed, at least for local use.
According to the description, the mode of operation should be similar to tail -f, i.e. it reads new lines or, as an option, reads the entire file.
So, what we want to get:
- We want to receive lines that are appended to one log file.
- We want to receive data that is written to several log files, while being able to tell apart what came from where.
- We want to check that when logstash is restarted, it does not receive this data again.
- We want to check that if logstash is turned off while data continues to be written to the files, then when we start it we will receive this data.
To run the experiment, let's add one more line to docker-compose.yml, exposing the directory where we put the files.
version: '3'
networks:
  elk:
volumes:
  elasticsearch:
    driver: local
services:
  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input
And change the input section in habr_pipeline.conf
input {
  file {
    path => "/usr/share/logstash/input/*.log"
  }
}
Let's start:
docker-compose up
To create and write to log files we will use the command:
echo '1' >> logs/number1.log
{
logstash_one_channel | "host" => "ac2d4e3ef70f",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "@timestamp" => 2019-04-29T14:28:53.876Z,
logstash_one_channel | "@version" => "1",
logstash_one_channel | "message" => "1",
logstash_one_channel | "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }
Yes, it works!
At the same time, we see that the path field has been added automatically. This means that later on we can filter records by it.
Let's try again:
echo '2' >> logs/number1.log
{
logstash_one_channel | "host" => "ac2d4e3ef70f",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "@timestamp" => 2019-04-29T14:28:59.906Z,
logstash_one_channel | "@version" => "1",
logstash_one_channel | "message" => "2",
logstash_one_channel | "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }
And now to another file:
echo '1' >> logs/number2.log
{
logstash_one_channel | "host" => "ac2d4e3ef70f",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "@timestamp" => 2019-04-29T14:29:26.061Z,
logstash_one_channel | "@version" => "1",
logstash_one_channel | "message" => "1",
logstash_one_channel | "path" => "/usr/share/logstash/input/number2.log"
logstash_one_channel | }
Great! The file was picked up, the path was recorded correctly, everything is fine.
Stop logstash and start it again. Let's wait. Silence. That is, we do not receive these records again.
And now the boldest experiment.
Take logstash down and run:
echo '3' >> logs/number2.log
echo '4' >> logs/number1.log
Start logstash again and see:
logstash_one_channel | {
logstash_one_channel | "host" => "ac2d4e3ef70f",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "message" => "3",
logstash_one_channel | "@version" => "1",
logstash_one_channel | "path" => "/usr/share/logstash/input/number2.log",
logstash_one_channel | "@timestamp" => 2019-04-29T14:48:50.589Z
logstash_one_channel | }
logstash_one_channel | {
logstash_one_channel | "host" => "ac2d4e3ef70f",
logstash_one_channel | "habra_field" => "Hello Habr",
logstash_one_channel | "message" => "4",
logstash_one_channel | "@version" => "1",
logstash_one_channel | "path" => "/usr/share/logstash/input/number1.log",
logstash_one_channel | "@timestamp" => 2019-04-29T14:48:50.856Z
logstash_one_channel | }
Hooray! Everything was picked up.
But we must warn you about the following. If the logstash container is removed (docker stop logstash_one_channel && docker rm logstash_one_channel), then nothing will be picked up. The position up to which each file had been read was stored inside the container. If you start from scratch, it will only accept new lines.
Reading existing files
Suppose we are starting logstash for the first time, but we already have logs and we would like to process them.
If we run logstash with the input section we used above, we will get nothing. Only new lines will be processed by logstash.
To pull in lines from existing files, you need to add one more line to the input section:
input {
  file {
    start_position => "beginning"
    path => "/usr/share/logstash/input/*.log"
  }
}
Moreover, there is a nuance: this only affects new files that logstash has not yet seen. For files that were already in logstash's field of view, it has remembered their size and will only take new entries from them.
Let's stop here with studying the input section. There are many more options, but this is enough for our further experiments for now.
Routing and data transformation
Let's try to solve the following task: say we have messages from one channel, some of them informational and some of them error messages. They differ by tag. Some are INFO, others are ERROR.
We need to separate them at the output. That is, we write informational messages to one channel and error messages to another.
To do this, we move from the input section to filter and output.
Using the filter section, we will parse the incoming message and obtain from it a hash (key-value pairs) that we can then work with, i.e. take apart according to conditions. And in the output section, we will select messages and send each to its own channel.
Parsing a message with grok
To parse text strings and obtain a set of fields from them, there is a special plugin in the filter section: grok.
Without setting myself the goal of giving a detailed description of it here (for that I refer to
To do this, you need to decide on the format of the input strings. Mine look like this:
1 INFO message1
2 ERROR message2
That is, the identifier comes first, then INFO/ERROR, then some word without spaces.
Not complicated, but enough to understand the principle of operation.
So, in the filter section, in the grok plugin, we need to define a pattern for parsing our strings.
It will look like this:
filter {
  grok {
    match => { "message" => ["%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}"] }
  }
}
In essence, it is a regular expression. Ready-made patterns are used, such as INT, LOGLEVEL, WORD. Their descriptions, along with other patterns, can be looked up.
Now, passing through this filter, our string turns into a hash of three fields: message_id, message_type, message_text.
They will be displayed in the output section.
Routing messages in the output section with the if statement
In the output section, as we remember, we were going to split the messages into two streams. Those that are INFO will be output to the console, and the errors will be output to a file.
How do we separate these messages? The statement of the problem already suggests a solution: we have a dedicated message_type field, which can take only two values, INFO and ERROR. This is the field we will branch on, using the if statement.
if [message_type] == "ERROR" {
  # Here we write to a file
} else {
  # Here we write to stdout
}
A description of working with fields and operators can be found in this section
Now, about the output itself.
Console output is straightforward here: stdout {}
Output to a file is different. Remember that we run all of this from a container, so for the file we write the result to to be accessible from outside, we need to expose that directory in docker-compose.yml.
Summing up:
The output section of our file looks like this:
output {
  if [message_type] == "ERROR" {
    file {
      path => "/usr/share/logstash/output/test.log"
      codec => line { format => "custom format: %{message}" }
    }
  } else {
    stdout {
    }
  }
}
In docker-compose.yml we add one more volume for the output:
version: '3'
networks:
  elk:
volumes:
  elasticsearch:
    driver: local
services:
  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input
      - ./output:/usr/share/logstash/output
We start it, try it, and see the split into two streams.
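The file input, grok filter and conditional output from the sections above, assembled into one habr_pipeline.conf as an added example that is not part of the original article. It goes slightly beyond the text: sincedb_path keeps the read offsets outside the container (the removal caveat and the "Reading existing files" nuance both come from that state), the grok pattern is anchored, and lines that fail to parse get their own file. Assumptions: /usr/share/logstash/state is an extra read-write volume you mount yourself, and habr.sincedb and unparsed.log are hypothetical file names.

```logstash
# Added example, not the article's own file.
input {
  file {
    path => "/usr/share/logstash/input/*.log"
    # Only applies to files for which no read position is recorded yet.
    start_position => "beginning"
    # Assumption: this directory is a host volume mounted read-write, so the
    # recorded offsets survive `docker rm` and lines are neither lost nor re-read.
    sincedb_path => "/usr/share/logstash/state/habr.sincedb"
  }
}

filter {
  grok {
    # grok patterns are unanchored by default; ^ and $ make a line such as
    # "2 ERROR message2 trailing text" fail instead of matching its prefix.
    match => { "message" => ["^%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}$"] }
  }
}

output {
  if "_grokparsefailure" in [tags] {
    # Lines grok could not parse carry this tag and have no message_type field.
    file {
      path => "/usr/share/logstash/output/unparsed.log"
      codec => line { format => "%{path}: %{message}" }
    }
  } else if [message_type] == "ERROR" {
    file {
      path => "/usr/share/logstash/output/test.log"
      codec => line { format => "custom format: %{message}" }
    }
  } else {
    stdout { }
  }
}
```

Without the first branch, a line that grok cannot parse has no message_type and is printed by the stdout branch alongside genuine INFO messages. The state directory must be writable by the user Logstash runs as inside the container.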
Source: www.habr.com