input {
file {
type => "zj_api"
path => ["/data01/applog_backup/zjzc_log/zj-api*catalina*"]
} file {
type => "wj_api"
path => ["/data01/applog_backup/winfae_log/wj-api*catalina*"]
} } filter {
multiline {
pattern => "^\s+%{TIMESTAMP_ISO8601}"
negate=>true
what=>"previous"
}
mutate {
add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ]
add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ]
add_field =>["messager","%{type}-%{message}"]
remove_field =>["message"]
} } filter {
grok {
match => [ "messager","(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]
}
date {
match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
}
} output {
if ([Level] == "ERROR" or [messager] =~ "Exception" ) and [messager] !~ "温金服务未连接" {
zabbix {
zabbix_host => "[@metadata][zabbix_host]"
zabbix_key => "[@metadata][zabbix_key]"
zabbix_server_host => "192.168.32.55"
zabbix_server_port => "10051"
zabbix_value => "messager"
}
}
if [type] == "zj_api" {
redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_api:redis"
port=>"6379"
password => "1234567"
}
}
else if [type] == "wj_api"{
redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_api:redis"
port=>"6379"
password => "1234567"
}
}
} {
"@version" => "1",
"@timestamp" => "2016-09-22T13:06:58.392Z",
"path" => "/data01/applog_backup/zjzc_log/zj-api01-catalina.out.2016-09-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_api",
"tags" => [
[0] "multiline",
[1] "_grokparsefailure"
],
"messager" => "zj_api- yrywqrq23423423432"
} {
"@version" => "1",
"@timestamp" => "2016-09-22T13:08:30.770Z",
"path" => "/data01/applog_backup/zjzc_log/zj-api01-catalina.out.2016-09-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_api",
"messager" => "zj_api- 2016-09-22 21:08:30,770 INFO com.zjzc.common.utils.HttpUtil - 请求参数: ",
"time" => "2016-09-22 21:08:30,770",
"Level" => "INFO"
}
{
"@version" => "1",
"@timestamp" => "2016-09-22T13:08:30.839Z",
"path" => "/data01/applog_backup/zjzc_log/zj-api01-catalina.out.2016-09-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_api",
"messager" => "zj_api- 2016-09-22 21:08:30,839 INFO com.zjzc.common.utils.HttpUtil - 请求接口: https://www.zjcap.cn/pay/interface/bankchannellist, 耗时=-68 ",
"time" => "2016-09-22 21:08:30,839",
"Level" => "INFO"
} 这种情况下,即使匹配不上 也不会造成logstash zabbix插件崩掉