配置文件结构说明

https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html

Event相关配置

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

event中字段提取： field reference

如：[ua][os]　　　　

应用字段内容： sprintf format

如：increment => "apache.%{[response][status]}" } }　　

条件语句：Conditionals

如：if [action] == "login"

特殊字段说明：

@metadata、@timestamp

{

  "agent": "Mozilla/5.0 (compatible; MSIE 9.0)",

  "ip": "192.168.24.44",

  "request": "/index.html"

  "response": {

    "status": ,

    "bytes":

  },

  "ua": {

    "os": "Windows 7"

  }

}

环境变量的应用

https://www.elastic.co/guide/en/logstash/current/environment-variables.html

配置文件自动reload

https://www.elastic.co/guide/en/logstash/current/reloading-config.html

logstash的部署模式

https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html#deploying-and-scaling