Hello everyone, please tell me whether this code is correct:
if [type] == "" or [type] == "" or [type] == ""
If not, which enumeration operators can be used in this case, so that the if block checks all objects that carry the type tag? The objects look like this:
file {
  type => "runstatus12"
  path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
  mode => "tail"
  start_position => "beginning"
  codec => plain { charset => "Windows-1251" }
  sincedb_path => "nul"
}
Thanks in advance,
The entire code of the file is shown below:
input {
  elasticsearch {
    user => "logstash_internal"
    password => "12341234"
  }
  file {
    type => "pikautotesttc"
    path => "C:/BuildAgent/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/Logs/**/*.log*"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "runstatus"
    path => "C:/BuildAgent/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "pikautotesttc12"
    path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/Logs/**/*.log*"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
  file {
    type => "runstatus12"
    path => "C:/BuildAgent2/work/baef4ea7e758f5b8/dms-selenium-tests/TestSelenium/bin/Debug/runStatus.log"
    mode => "tail"
    start_position => "beginning"
    codec => plain { charset => "Windows-1251" }
    sincedb_path => "nul"
  }
}
filter {
  elasticsearch {
    user => "logstash_internal"
    password => "12341234"
  }
  fingerprint {
    source => "message"
    target => "[@metadata][fingerprint]"
    method => "MD5"
    key => "pik"
  }
  if [type] == "runstatus" or [type] == "runstatus12" {
    grok {
      match => {
        "message" => "%{DATESTAMP:date}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*Сценарий - (?<scenario>.*?)(?=\;)\;\sссылка на контракт - (?<positionUrl>.*)(?=\;)\; попытка \((?<attempt>\d)\/5\) - (?<status>.*)(?=\;)\;\s?(?<screenshot>(.*)?)"
      }
    }
    date {
      match => ["date", "yy-MM-dd HH:mm:ss,SSS"]
      target => "@timestamp"
    }
  }
  if [type] == "pikautotesttc" or [type] == "pikautotesttc12" {
    if "URL:" in [message] {
      grok {
        match => {
          "message" => "%{DATESTAMP:logdate}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*%{GREEDYDATA:msgbody}(?= URL: )?( URL: )%{GREEDYDATA:url}(?=\.)\.( User: )?%{GREEDYDATA:user}"
        }
      }
    } else {
      grok {
        match => {
          "message" => "%{DATESTAMP:logdate}\s+%{WORD:loglevel}\s+(\[\d+\])?\s+:\s*%{GREEDYDATA:msgbody}"
        }
      }
    }
    grok {
      match => {
        "msgbody" => [
          "Test (?<status>[^&]*)",
          "Время выполнения (контракта|теста) \(первая попытка\): (?<duration>\d+.\d+)"
        ]
      }
      match => {
        "path" => "log\.?(?<attempt>\d)"
      }
      break_on_match => false
    }
    date {
      match => ["logdate", "yy-MM-dd HH:mm:ss,SSS"]
      target => "@timestamp"
    }
    mutate {
      convert => {
        "duration" => "float"
      }
    }
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => true
    index => "logstash-%{type}"
    document_id => "%{[@metadata][fingerprint]}"
    user => "logstash_internal"
    password => "12341234"
  }
}
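The file is formed correctly. The fact is that when ElasticSearch tried to accept this configuration file, it did not have enough permissions to create several more indices in different directories. You need to go to Kibana => settings => user roles => and configure this in the Writer part of the Logstash section. The errors can be seen in the Logstash => Logs folder.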
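
An added example, not part of the original post: a small Python check that expands the output's `index => "logstash-%{type}"` for the four `type` values in the pipeline and reports which resulting indices a role does not cover. The two role bodies are constructed, and requiring exactly `write` and `create_index` (or `all`) is a simplifying assumption that ignores privileges implied by other privileges.

```python
from fnmatch import fnmatchcase

# `type` values of the four file inputs in the pipeline above.
TYPES = ["pikautotesttc", "runstatus", "pikautotesttc12", "runstatus12"]
INDEX_TEMPLATE = "logstash-%{type}"  # the output's index setting

# Constructed role bodies (hypothetical), shaped like an Elasticsearch role.
NARROW_ROLE = {"indices": [
    {"names": ["logstash-runstatus", "logstash-pikautotesttc"],
     "privileges": ["write", "create_index"]}]}
PATTERN_ROLE = {"indices": [
    {"names": ["logstash-*"], "privileges": ["write", "create_index"]}]}

# Simplifying assumption: these two privileges (or "all") are what the
# writer needs to create an index and write documents into it.
NEEDED = {"write", "create_index"}

def target_indices(template=INDEX_TEMPLATE, types=TYPES):
    """Index names the output creates, one per input type."""
    return [template.replace("%{type}", t) for t in types]

def granted(role, index):
    """Union of privileges from every entry whose name pattern matches index.

    fnmatchcase stands in for Elasticsearch's `*` wildcard matching.
    """
    privs = set()
    for entry in role.get("indices", []):
        if any(fnmatchcase(index, pat) for pat in entry["names"]):
            privs.update(entry["privileges"])
    return privs

def uncovered(role, needed=NEEDED):
    """Map each target index to the needed privileges the role lacks on it."""
    gaps = {}
    for index in target_indices():
        privs = granted(role, index)
        missing = set() if "all" in privs else needed - privs
        if missing:
            gaps[index] = sorted(missing)
    return gaps

if __name__ == "__main__":
    for name, role in (("narrow", NARROW_ROLE), ("pattern", PATTERN_ROLE)):
        print(name, uncovered(role) or "covers every index")
```

A role scoped to the `logstash-*` pattern keeps the writer limited to its own indices while still covering every new `type` added to the inputs.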