主页 / 问题 / 1269599
Accepted
Jacki
Asked:2022-04-13 18:26:27 +0000 UTC2022-04-13 18:26:27 +0000 UTC

logstash 配置文件

  • 772

大家好,告诉我这段代码是否正确:

if [type] == "" or [type] == "" or [type] == ""

如果不是,在这种情况下可以使用哪些枚举运算符,在 if 块中,对所有带有 type 标签的对象进行检查,对象如下所示

file {
type => "runstatus12"
path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
mode => "tail"
start_position => "beginning"
codec => plain { charset => "Windows-1251" }
sincedb_path => "nul"}

在此先感谢,
文件的整个代码如下所示:

input {
  elasticsearch {
    user => "logstash_internal"
    password => "12341234"
  }
  file {
    type => "pikautotesttc"
    path => "C:/BuildAgent/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/Logs/**/*.log*"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "runstatus"
    path => "C:/BuildAgent/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "pikautotesttc12"
    path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/Logs/**/*.log*"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "runstatus12"
    path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
}

filter {
  elasticsearch {
    user => "logstash_internal"
    password => "12341234"
  }
  fingerprint {
    source => "message"
    target => "[@metadata][fingerprint]"
    method => "MD5"
    key => "pik"
  }
  if [type] == "runstatus" or [type] == "runstatus12" 
  {
    grok {
        match => {
        "message" => "%{DATESTAMP:date}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*Сценарий - (?<scenario>.*?)(?=\;)\;\sссылка на контракт - (?<positionUrl>.*)(?=\;)\; попытка \((?<attempt>\d)\/5\) - (?<status>.*)(?=\;)\;\s?(?<screenshot>(.*)?)"
        }
      }
      date {
      match => ["date", "yy-MM-dd HH:mm:ss,SSS"]
      target => "@timestamp"
    }
  }
  if [type] == "pikautotesttc" or [type] == "pikautotesttc12"
  {
      if "URL:" in [message]
    {
      grok {
        match => {
        "message" => "%{DATESTAMP:logdate}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*%{GREEDYDATA:msgbody}(?= URL: )?( URL: )%{GREEDYDATA:url}(?=\.)\.( User: )?%{GREEDYDATA:user}"
        }
      }
    }
    else
    {
     grok {
        match => {
          "message" => "%{DATESTAMP:logdate}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*%{GREEDYDATA:msgbody}"
        }
      }
    }
    grok {
      match => { 
        "msgbody" => [
          "Test (?<status>[^&]*)",
          "Время выполнения (контракта|теста) \(первая попытка\): (?<duration>\d+.\d+)"
        ]
      }
      match => {
        "path" => "log\.?(?<attempt>\d)"
      }
      break_on_match => false
    }
    date {
      match => ["logdate", "yy-MM-dd HH:mm:ss,SSS"]
      target => "@timestamp"
    }
    mutate {
      convert => {
        "duration" => "float"
      }
    }
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => true
    index => "logstash-%{type}"
    document_id => "%{[@metadata][fingerprint]}"
    user => "logstash_internal"
    password => "12341234"
  }
}
logstash

1 个回答

  1. Best Answer

    文件形成正确,事实是当ElasticSearch试图接受这个配置文件时,它没有足够的权限在不同的目录中多做几个索引,需要去Kibana => settings => user roles = > 在 Logstash 部分 Writer 中配置,可以在 Logstash => Logs 文件夹中看到错误

    • 0

相关问题