Logstash 日誌收集filebeat

config set

input {
beats {
port => 5044 }
}


filter {
#ignore log comments
if [message] =~ "^#" {
drop {}
}
grok {
break_on_match => false
match => ["message", "%{INT:FeedTime}[T,]%{INT:MoldMill}[T,]%{BASE10NUM:InjectionTime}[T,]%{BASE10NUM:CoolingTime}[T,]%{BASE10NUM:CycleTime}[T,]%{BASE10NUM:LastCycleTime}[T,]%{INT:FeedRPM}[T,]%{NUMBER:Temperature1}[T,]%{BASE10NUM:Temperature2}[T,]%{BASE10NUM:Temperature3}[T,]%{INT:NumberOfTimes}[T,]%{INT:ProductCount}"]
}
mutate {
convert => { "FeedTime" => "integer" }
convert => { "MoldMill" => "integer" }
convert => { "InjectionTime" => "float" }
convert => { "CoolingTime" => "integer" }
convert => { "CycleTime" => "integer" }
convert => { "LastCycleTime" => "integer" }
convert => { "FeedRPM" => "integer" }
convert => { "Temperature1" => "float" }
convert => { "Temperature2" => "float" }
convert => { "Temperature3" => "float" }
convert => { "NumberOfTimes" => "integer" }
convert => { "ProductCount" => "integer" }
}
output {
elasticsearch {
hosts => ["http://X.X.X.X:9200"]
index => "channels-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.