Practical application of ELK. Setting up logstash

Introduction

While deploying another system, we ran into the need to process a large number of different logs. ELK was chosen as the tool. This article describes our experience in setting up this stack.

We do not aim to describe all of its capabilities; we want to concentrate on solving practical problems. The reason is that, despite the large amount of documentation and ready-made images, there are many pitfalls, or at least we found them.

We deployed the stack with docker-compose. Moreover, we had a well-written docker-compose.yml that let us bring the stack up almost without problems. It seemed to us that victory was close: now we would tweak it a little to fit our needs and that would be it.

Unfortunately, the attempt to configure the system to receive and process logs from our application did not succeed right away. So we decided it was worth studying each component separately and then returning to how they connect.

So, we start with logstash.

Environment, deployment, running Logstash in a container

For deployment we use docker-compose; the experiments described here were carried out on MacOS and Ubuntu 18.0.4.

The logstash image specified in our original docker-compose.yml is docker.elastic.co/logstash/logstash:6.3.2

We will use it for the experiments.

We wrote a separate docker-compose.yml to run logstash. Of course, the image could be started from the command line, but we were solving a specific problem in which we run everything from docker-compose.

Briefly about the configuration files

As follows from the description, logstash can be run either for a single channel, in which case it is passed a *.conf file, or for several channels, in which case it is passed a pipelines.yml file, which in turn references the .conf files for each channel.
We took the second route. It seemed more universal and scalable to us. So we created pipelines.yml and made a pipelines directory in which we put the .conf files for each channel.

There is one more configuration file inside the container, logstash.yml. We do not touch it and use it as is.

So, our directory structure:


To receive input data, for now we assume TCP on port 5046, and for output we will use stdout.

Here is a simple configuration for the first launch, since the initial task is just to get it running.

So, we have this docker-compose.yml

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro

What do we see here?

  1. The networks and volumes were taken from the original docker-compose.yml (the one where the whole stack is started), and I think they do not noticeably affect the overall picture here.
  2. We create one logstash service from the docker.elastic.co/logstash/logstash:6.3.2 image and name it logstash_one_channel.
  3. We forward port 5046 into the container, to the same internal port.
  4. We map our pipeline configuration file ./config/pipelines.yml to /usr/share/logstash/config/pipelines.yml inside the container, where logstash will pick it up, and make it read-only, just in case.
  5. We map the ./config/pipelines directory, where we keep the channel configuration files, to the /usr/share/logstash/config/pipelines directory and also make it read-only.


The pipelines.yml file

- pipeline.id: HABR
  pipeline.workers: 1
  pipeline.batch.size: 1
  path.config: "./config/pipelines/habr_pipeline.conf"

A single channel with the HABR identifier and the path to its configuration file are described here.

And finally, the file "./config/pipelines/habr_pipeline.conf"

input {
  tcp {
    port => "5046"
   }
  }
filter {
  mutate {
    add_field => [ "habra_field", "Hello Habr" ]
    }
  }
output {
  stdout {
      
    }
  }

We will not go into its description for now; let's try to run it:

docker-compose up

What do we see?

The container has started. We can check that it works:

echo '13123123123123123123123213123213' | nc localhost 5046

And we see the response in the container console:


But at the same time, we also see:

logstash_one_channel | [2019-04-29T11:28:59,790][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch", ...

logstash_one_channel | [2019-04-29T11:28:59,894][INFO][logstash.pipeline] Pipeline started successfully {:pipeline_id=>".monitoring-logstash", :thread=>"# "}

logstash_one_channel | [2019-04-29T11:28:59,988][INFO][logstash.agent] Pipelines running {:count=>2, :running_pipelines=>[:HABR, :"monitoring-logstash"], :non_running_pipelines=>[ ]}
logstash_one_channel | [2019-04-29T11:29:00,015][ERROR][logstash.inputs.metrics] X-Pack is installed on Logstash but not on Elasticsearch. Please install X-Pack on Elasticsearch to use the monitoring feature. Other features may be available.
logstash_one_channel | [2019-04-29T11:29:00,526][INFO][logstash.agent] Successfully started Logstash API endpoint {:port=>9600}
logstash_one_channel | [2019-04-29T11:29:04,478][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=> "/"}
logstash_one_channel | [2019-04-29T11:29:04,487][WARN][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}
logstash_one_channel | [2019-04-29T11:29:04,704][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=> "/"}
logstash_one_channel | [2019-04-29T11:29:04,710][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}

And our log keeps creeping up all the time.

Here I highlighted in green the message that the pipeline started successfully, in red the error message, and in yellow the message about the attempt to contact elasticsearch:9200.
This happens because logstash.conf, included in the image, contains a check for elasticsearch availability. After all, logstash assumes it works as part of the ELK stack, but we separated it.

It can work this way, but it is not convenient.

The solution is to disable this check through the XPACK_MONITORING_ENABLED environment variable.

Let's make the change in docker-compose.yml and run it again:

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro

Now everything is fine. The container is ready for experiments.

We can type again in the neighbouring console:

echo '13123123123123123123123213123213' | nc localhost 5046

And see:

logstash_one_channel | {
logstash_one_channel |         "message" => "13123123123123123123123213123213",
logstash_one_channel |      "@timestamp" => 2019-04-29T11:43:44.582Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |            "host" => "gateway",
logstash_one_channel |            "port" => 49418
logstash_one_channel | }

Working within one channel

So, we have launched. Now we can actually take the time to configure logstash itself. Let's not touch the pipelines.yml file for now and see what we can get by working with a single channel.

I should say that the general principle of working with the channel configuration file is well described in the official manual, here.
If you want to read it in Russian, we used this article (but its query syntax is old, and this has to be taken into account).

Let's go through the Input section step by step. We have already seen it work over TCP. What else could be interesting here?

Test messages using heartbeat

There is an interesting option to generate automatic test messages.
To do this, you need to enable the heartbeat plugin in the input section.

input {
  heartbeat {
    message => "HeartBeat!"
   }
  } 

Enable it and start receiving once a minute

logstash_one_channel | {
logstash_one_channel |      "@timestamp" => 2019-04-29T13:52:04.567Z,
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "HeartBeat!",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "host" => "a0667e5c57ec"
logstash_one_channel | }

If we want to receive them more often, we need to add the interval parameter.
This is how we will receive a message every 10 seconds.

input {
  heartbeat {
    message => "HeartBeat!"
    interval => 10
   }
  }

Retrieving data from a file

We also decided to look at the file mode. If it works well with files, then perhaps no agent is needed, at least for local use.

According to the description, the mode of operation should be similar to tail -f, i.e. it reads new lines or, optionally, reads the whole file.

So, what we want to get:

  1. We want to receive lines that are appended to one log file.
  2. We want to receive data that is written to several log files, while being able to tell what came from where.
  3. We want to make sure that when logstash is restarted, it does not receive this data again.
  4. We want to check that if logstash is stopped while data keeps being written to the files, then when we start it we will receive this data.

To run the experiment, let's add one more line to docker-compose.yml, exposing the directory in which we put the files.

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input

And change the input section in habr_pipeline.conf

input {
  file {
    path => "/usr/share/logstash/input/*.log"
   }
  }

Let's start:

docker-compose up

To create and write to the log files we will use the command:


echo '1' >> logs/number1.log

{
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:28:53.876Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }

Yes, it works!

At the same time, we see that a path field was added automatically. This means that later we will be able to filter records by it.

Let's try again:

echo '2' >> logs/number1.log

{
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:28:59.906Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "2",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }

And now to another file:

 echo '1' >> logs/number2.log

{
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:29:26.061Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number2.log"
logstash_one_channel | }

Excellent! The file was picked up, the path was set correctly, everything is fine.

Stop logstash and start it again. Let's wait. Silence. That is, we do not receive these records again.

And now the boldest experiment.

Shut logstash down and run:

echo '3' >> logs/number2.log
echo '4' >> logs/number1.log

Run logstash again and see:

logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "3",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number2.log",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:48:50.589Z
logstash_one_channel | }
logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "4",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:48:50.856Z
logstash_one_channel | }

Hooray! Everything was picked up.

But we must warn you about the following. If the logstash container is removed (docker stop logstash_one_channel && docker rm logstash_one_channel), nothing will be picked up. The position in the file up to which it had been read is stored inside the container. If you start it from scratch, it will only accept new lines.

Reading files that already exist

Let's say we are starting logstash for the first time, but we already have logs and would like to process them.
If we run logstash with the input section we used above, we will get nothing. Only new lines will be processed by logstash.

For lines from existing files to be pulled in, you need to add one more line to the input section:

input {
  file {
    start_position => "beginning"
    path => "/usr/share/logstash/input/*.log"
   }
  }

Moreover, there is a nuance: this only affects new files that logstash has not seen yet. For files that were already in logstash's field of view, it has already remembered their size and will now only take new entries in them.

Let's stop studying the input section here. There are many more options, but this is enough for our further experiments for now.

Routing and Data Transformation

Let's try to solve the following problem: say we have messages from one channel, some of them informational and some of them error messages. They differ by a tag: some are INFO, others are ERROR.

We need to separate them at the output. That is, we write informational messages to one channel and error messages to another.

To do this, we move from the input section to filter and output.

Using the filter section, we will parse the incoming message and get a hash (key-value pairs) from it, which we can then work with, i.e. split it up according to conditions. And in the output section, we will select messages and send each one to its own channel.

Parsing a message with grok

To parse text lines and get a set of fields from them, there is a special plugin in the filter section: grok.

Without setting myself the goal of giving a detailed description here (for that I refer you to the official documentation), I will give my simple example.

To do this, you need to decide on the format of the input strings. Mine look like this:

1 INFO message1
2 ERROR message2

That is, the identifier comes first, then INFO/ERROR, then some word without spaces.
It is not complicated, but it is enough to understand the principle of operation.

So, in the filter section, in the grok plugin, we need to define a pattern for parsing our strings.

It will look like this:

filter {
  grok {
    match => { "message" => ["%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}"] }
   }
  } 

In essence, it is a regular expression. Ready-made patterns are used, such as INT, LOGLEVEL, WORD. Their descriptions, as well as other patterns, can be found here.

Now, passing through this filter, our string will turn into a hash of three fields: message_id, message_type, message_text.

They will be displayed in the output section.

Routing messages in the output section using the if statement

In the output section, as we remember, we were going to split the messages into two streams. Some, those that are INFO, will be output to the console, and those with errors will be output to a file.

How do we separate these messages? The problem statement already suggests the solution: after all, we already have a dedicated message_type field, which can take only two values, INFO and ERROR. It is on this field that we will make the choice using the if statement.

if [message_type] == "ERROR" {
  # Here we output to a file
} else {
  # Here we output to stdout
}

A description of working with fields and operators can be found in this section of the official manual.

Now, about the actual output itself.

Console output, everything is clear here: stdout {}

But for output to a file: remember that we are running all of this from a container, and for the file we write the result to to be accessible from outside, we need to expose this directory in docker-compose.yml.

In total:

The output section of our file looks like this:


output {
  if [message_type] == "ERROR" {
    file {
          path => "/usr/share/logstash/output/test.log"
          codec => line { format => "custom format: %{message}"}
         }
    } else
     {stdout {
             }
     }
  }

In docker-compose.yml we add another volume for the output:

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input
      - ./output:/usr/share/logstash/output

We launch it, try it, and see the split into two streams.
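Added example (not from the original article): a Ruby emulation of the grok pattern and the if/else output routing above, run over constructed sample lines. It shows two cases the two-line test input does not exercise: a line that fails to parse carries no message_type and falls into the else branch, and LOGLEVEL also accepts spellings such as Error or ERR that the == "ERROR" comparison does not. The pattern table, route_strict and the sample lines are assumptions made for this illustration.

```ruby
# Added example: the page's grok filter and output conditional, emulated in plain Ruby.
# Pattern bodies are the stock INT, LOGLEVEL and WORD definitions from
# logstash-patterns-core, copied by hand (assumed unchanged in the version you run).
GROK_PATTERNS = {
  "INT"      => '(?:[+-]?(?:[0-9]+))',
  "LOGLEVEL" => '([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|' \
                '[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|' \
                '[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|' \
                'EMERG(?:ENCY)?|[Ee]merg(?:ency)?)',
  "WORD"     => '\b\w+\b'
}.freeze

# Expand %{NAME:field} references into named capture groups.
def compile_grok(expr)
  Regexp.new(expr.gsub(/%\{(\w+):(\w+)\}/) { "(?<#{$2}>#{GROK_PATTERNS.fetch($1)})" })
end

PAGE_PATTERN =
  compile_grok("%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}")

# Filter stage: add the three fields on a match, tag the event otherwise.
def grok_filter(line)
  event = { "message" => line }
  m = PAGE_PATTERN.match(line) # grok searches within the line; the pattern is not anchored
  if m
    m.names.each { |name| event[name] = m[name] }
  else
    event["tags"] = ["_grokparsefailure"] # grok's default failure tag
  end
  event
end

# Output stage exactly as on the page: only the literal "ERROR" reaches the file.
def route(event)
  event["message_type"] == "ERROR" ? :file : :stdout
end

# Stricter variant (hypothetical, not from the page): accept the other spellings
# LOGLEVEL allows for an error, and keep unparsed events out of the INFO stream.
def route_strict(event)
  return :unparsed if Array(event["tags"]).include?("_grokparsefailure")
  event["message_type"].to_s.match?(/\Aerr(or)?\z/i) ? :file : :stdout
end

# Constructed sample lines: the page's two formats plus edge cases.
SAMPLES = [
  "1 INFO message1", "2 ERROR message2", "3 Error message3",
  "4 ERR message4", "ERROR disk full", "5 ERROR two words"
].freeze

SAMPLES.each do |line|
  event = grok_filter(line)
  puts format("%-20s page=%-7s strict=%-9s text=%p",
              line, route(event), route_strict(event), event["message_text"])
end
```

In a pipeline, the same separation can be expressed with a conditional on the _grokparsefailure tag before the message_type comparison.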

Source: www.hab.com
