kak*_*aks 17 elasticsearch logstash kibana
我使用以下代码在logstash.conf中创建索引
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
}
要创建另一个索引,我通常会在上面的代码中用另一个索引替换索引名称.有没有办法在同一个文件中创建多个索引?我是ELK的新手.
Val*_*Val 53
您可以根据其中一个字段的值在索引名称中使用模式.这里我们使用type字段的值来命名索引:
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "%{type}_indexer"
}
}
您还可以将多个elasticsearch输出用于同一ES主机或不同的ES主机:
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
或者您可能希望根据某个变量将文档路由到不同的索引:
output {
stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
} else {
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
}
UPDATE
Logstash 2和5中的语法有所改变:
output {
stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
hosts => "localhost:9200"
index => "trial_indexer"
}
} else {
elasticsearch {
hosts => "localhost:9200"
index => "movie_indexer"
}
}
}
| 归档时间: |
|
| 查看次数: |
23927 次 |
| 最近记录: |