前往小程序,Get更优阅读体验!
立即前往
文档建议反馈控制台
首页
学习
活动
专区
工具
TVP
腾讯云架构师技术同盟
文章/答案/技术大牛
发布
首页
学习
活动
专区
工具
TVP腾讯云架构师技术同盟
返回腾讯云官网
社区首页 >专栏 >Logstash 基础3

Logstash 基础3

作者头像
franket
发布2022-02-10 20:29:37
发布2022-02-10 20:29:37
25600
代码可运行
举报
文章被收录于专栏:技术杂记技术杂记
运行总次数:0
代码可运行

-t 可以进行配置检查

start_position 代表从头开始读数据

grok geoip 是两个过滤插件

执行操作

代码语言:javascript
代码运行次数:0
复制
[root@h102 logstash]# /opt/logstash/bin/logstash -f first-pipeline.conf  
Settings: Default filter workers: 1
Logstash startup completed
2015-12-23T13:45:19.034Z h102.temp 83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
2015-12-23T13:45:19.037Z h102.temp 83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
2015-12-23T13:45:19.037Z h102.temp 83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
...
...

elasticsearch中检索

使用下面的方式进行检索

查返回状态为 404304

代码语言:javascript
代码运行次数:0
复制
[root@h102 ~]# curl -XGET 'localhost:9200/logstash-2015.12.23/_search?q=response=404'
{"took":3,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":2,"max_score":1.5351382,"hits":[{"_index":"logstash-2015.12.23","_type":"logs","_id":"AVHPFktn70zKhyBEHGid","_score":1.5351382,"_source":{"message":"66.249.73.185 - - [04/Jan/2015:05:22:13 +0000] \"GET /doc/index.html?org/elasticsearch/action/search/SearchResponse.html HTTP/1.1\" 404 294 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"","@version":"1","@timestamp":"2015-12-23T13:45:22.565Z","host":"h102.temp","path":"/root/logstash/logstash-tutorial.log","clientip":"66.249.73.185","ident":"-","auth":"-","timestamp":"04/Jan/2015:05:22:13 +0000","verb":"GET","request":"/doc/index.html?org/elasticsearch/action/search/SearchResponse.html","httpversion":"1.1","response":"404","bytes":"294","referrer":"\"-\"","agent":"\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"","geoip":{"ip":"66.249.73.185","country_code2":"US","country_code3":"USA","country_name":"United States","continent_code":"NA","region_name":"CA","city_name":"Mountain View","latitude":37.385999999999996,"longitude":-122.0838,"dma_code":807,"area_code":650,"timezone":"America/Los_Angeles","real_region_name":"California","location":[-122.0838,37.385999999999996]}}},{"_index":"logstash-2015.12.23","_type":"logs","_id":"AVHPFktm70zKhyBEHGhn","_score":1.4070371,"_source":{"message":"83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] \"GET /presentations/logstash-monitorama-2013/images/frontend-response-codes.png HTTP/1.1\" 200 52878 \"http://semicomplete.com/presentations/logstash-monitorama-2013/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"","@version":"1","@timestamp":"2015-12-23T13:45:19.047Z","host":"h102.temp","path":"/root/logstash/logstash-tutorial.log","clientip":"83.149.9.216","ident":"-","auth":"-","timestamp":"04/Jan/2015:05:13:45 +0000","verb":"GET","request":"/presentations/logstash-monitorama-2013/images/frontend-response-codes.png","httpversion":"1.1","response":"200","bytes":"52878","referrer":"\"http://semicomplete.com/presentations/logstash-monitorama-2013/\"","agent":"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"","geoip":{"ip":"83.149.9.216","country_code2":"RU","country_code3":"RUS","country_name":"Russian Federation","continent_code":"EU","region_name":"48","city_name":"Moscow","latitude":55.75219999999999,"longitude":37.6156,"timezone":"Europe/Moscow","real_region_name":"Moscow City","location":[37.6156,55.75219999999999]}}}]}}[root@h102 ~]# 
[root@h102 ~]# 
[root@h102 ~]# 
[root@h102 ~]# curl -XGET 'localhost:9200/logstash-2015.12.23/_search?q=response=304&pretty'
{
  "took" : 6,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 1.570033,
    "hits" : [ {
      "_index" : "logstash-2015.12.23",
      "_type" : "logs",
      "_id" : "AVHPFktm70zKhyBEHGhn",
      "_score" : 1.570033,
      "_source":{"message":"83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] \"GET /presentations/logstash-monitorama-2013/images/frontend-response-codes.png HTTP/1.1\" 200 52878 \"http://semicomplete.com/presentations/logstash-monitorama-2013/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"","@version":"1","@timestamp":"2015-12-23T13:45:19.047Z","host":"h102.temp","path":"/root/logstash/logstash-tutorial.log","clientip":"83.149.9.216","ident":"-","auth":"-","timestamp":"04/Jan/2015:05:13:45 +0000","verb":"GET","request":"/presentations/logstash-monitorama-2013/images/frontend-response-codes.png","httpversion":"1.1","response":"200","bytes":"52878","referrer":"\"http://semicomplete.com/presentations/logstash-monitorama-2013/\"","agent":"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"","geoip":{"ip":"83.149.9.216","country_code2":"RU","country_code3":"RUS","country_name":"Russian Federation","continent_code":"EU","region_name":"48","city_name":"Moscow","latitude":55.75219999999999,"longitude":37.6156,"timezone":"Europe/Moscow","real_region_name":"Moscow City","location":[37.6156,55.75219999999999]}}
    }, {
      "_index" : "logstash-2015.12.23",
      "_type" : "logs",
      "_id" : "AVHPFlOg70zKhyBEHGi0",
      "_score" : 1.570033,
      "_source":{"message":"218.30.103.62 - - [04/Jan/2015:05:27:36 +0000] \"GET /projects/xdotool/xdotool.xhtml HTTP/1.1\" 304 - \"-\" \"Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)\"","@version":"1","@timestamp":"2015-12-23T13:45:22.923Z","host":"h102.temp","path":"/root/logstash/logstash-tutorial.log","clientip":"218.30.103.62","ident":"-","auth":"-","timestamp":"04/Jan/2015:05:27:36 +0000","verb":"GET","request":"/projects/xdotool/xdotool.xhtml","httpversion":"1.1","response":"304","referrer":"\"-\"","agent":"\"Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)\"","geoip":{"ip":"218.30.103.62","country_code2":"CN","country_code3":"CHN","country_name":"China","continent_code":"AS","region_name":"22","city_name":"Beijing","latitude":39.9289,"longitude":116.38830000000002,"timezone":"Asia/Harbin","real_region_name":"Beijing","location":[116.38830000000002,39.9289]}}
    } ]
  }
}
[root@h102 ~]#

本文系转载,前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

elasticsearch
position
插件
配置

本文系转载前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

elasticsearch
position
插件
配置
评论
登录后参与评论
0 条评论
热度
最新
登录 后参与评论
推荐阅读
目录
  • elasticsearch中检索
领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档

Copyright © 2013 - 2025 Tencent Cloud.

All Rights Reserved. 腾讯云 版权所有

登录 后参与评论