Windows 系统下json 格式的日志文件发送到elasticsearch配置

Nxlog-->logstash-->ElasticSearch

Logstash https://www.elastic.co/guide/en/logstash/current/codec-plugins.html

Elasticsearch https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html

Kibana https://www.elastic.co/guide/en/kibana/current/index.html

Nxlog http://nxlog.org/docs

Nxlog.conf 配置

<Input jsonfile>

Module        im_file

File        "E:\\log\\webapi\\\json1.txt"

SavePos        TRUE

</Input>

<Output json_out>

Module om_tcp

Host 127.0.0.1

Port 5555

</Output>

<Route jsonruby>

Path jsonfile => json_out

</Route>

Logstash my.conf文件配置

input {

tcp {

port=>5555

codec => "json"

}

}

output {

elasticsearch {

hosts => ["localhost:9200"]

codec=>rubydebug

index=>"rubydebug-%{type}-%{+YYYY.MM.dd}"

}

}

日志文件

{"name":"liu1","address":"beijing201","module":"webapi1","type":"jsoninput"}

{"name":"liu2","address":"beijing202","module":"webapi1","type":"json-input"}

ElasticSearch 显示如下格式

{

"_index": "rubydebug-jsoninput-2016.03.20",

"_type": "jsoninput",

"_id": "AVOrXXTzga69Q0TXLFRR",

"_score": null,

"_source": {

"name": "liu1",

"address": "beijing201",

"module": "webapi1",

"type": "jsoninput",

"@version": "1",

"@timestamp": "2016-03-20T01:22:20.837Z",

"host": "127.0.0.1",

"port": 45392

},

"fields": {

"@timestamp": [

1458436940837

]

},

"sort": [

1458436940837

]

}