-
Windows环境下的ELK——logstash日志(2)
一、Apche日志文件输出
文件结构
1.test.conf
注意这里无论是window还是liunx系统都必须是反斜杠
test.conf与bin文件在同级目录通过CMD进入bin文件夹
执行命令logstash.bat -f test.confinput{ file { #文件的绝对地址 path => "F:/ELK/ELK8.2.3/logstash-8.2.3/apache.log" #设置从头开始读取 start_position => "beginning" #每隔三秒自动更新日志 stat_interval=>3 } } //设置输出格式 output{ stdout{codec => rubydebug} }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
2.apache.log
83.149.9.216 - - [17/May/2015:10:05:03 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:43 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:47 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:12 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:07 +0000] "GET /presentations/logstash-monitorama-2013/plugin/notes/notes.js HTTP/1.1" 200 2892 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:34 +0000] "GET /presentations/logstash-monitorama-2013/images/sad-medic.png HTTP/1.1" 200 430406 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" 83.149.9.216 - - [17/May/2015:10:05:57 +0000] "GET /presentations/logstash-monitorama-2013/css/fonts/Roboto-Bold.ttf HTTP/1.1" 200 38720 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"- 1
- 2
- 3
- 4
- 5
- 6
- 7
二、运行结果
运行完需要删除
F:\ELK\ELK8.2.3\logstash-8.2.3\data\plugins\inputs\file
里以.sin开头的文件,这里面记录file的状态,不删,再次运行就没有输出了 -
相关阅读:
9、MySQL——表与表之间的关系,多表查询、MySQL数据库的备份与恢复
餐饮外卖配送小程序商城的作用是什么?
代码随想录算法训练营 动态规划part06
基于FPGA的SD卡的数据读写实现(SD NAND FLASH)
部署软件的 7 种最佳 CI/CD 管道模式
AI创作音乐引发的深思
笔试强训2
基于ASRPRO智能离线语音识别模块实现人机交流对话应用
【图数据库实战】图数据库典型应用场景
transition和animation的区别?
- 原文地址:https://blog.csdn.net/wsnbbdbbdbbdbb/article/details/125432793