Configuration structure and plugin locations
Input plugins:
input{ … }
Filter plugins:
filter{ … }
Output plugins:
output{ … }
Data types
- Array
users => [{id => 1,name => N1},{id => 2,name => N2}]
- lists
path => ["/var/log/messages","/var/log/*.log"]
uris => ["http://elastic.co","http://example.net"]
- Boolean
ssl_enable => true
- Bytes
my_bytes => "1113" # 1113 bytes
my_bytes => "10MiB" # 10485760 bytes
- Codec
codec => "json"
- Hash
match => {"field"=>"value1" "field"=>"value2"…}
- Number
port => 33
- Password
my_password => "password"
- URI
my_uri => "http://foo:bar@example.net"
- Path
my_path=> "/tmp/logstash"
- String
name => "Hello World"
- Comments
# this is a comment
Conditionals
equality, etc.: ==, !=, <, >, <=, >=
regexp: =~, !~
inclusion: in, not in
boolean: and, or, nand, xor
unary: !()
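The pipeline below is an added example, not part of the original notes. It puts the three sections, several of the data types and the conditional operators above into one configuration that tags failed SSH logins. The log path, field names and tag names are assumptions.

```logstash
# Constructed example: path, field names and tags are assumptions.
input {
  file {
    path => ["/var/log/auth.log"]      # list
    start_position => "beginning"      # string
  }
}

filter {
  # regexp: only parse lines that look like a failed login
  if [message] =~ /Failed password/ {
    grok {
      # hash: field name => pattern
      match => { "message" => "Failed password for (invalid user )?%{USERNAME:user} from %{IP:src_ip}" }
      add_tag => ["auth_failure"]      # added only when the pattern matches
    }
  }

  # inclusion + boolean: failures aimed at privileged accounts
  if "auth_failure" in [tags] and [user] in ["root", "admin"] {
    mutate { add_tag => ["privileged_target"] }
  }

  # unary negation + equality: discard empty lines that were not tagged
  if !("auth_failure" in [tags]) and [message] == "" {
    drop { }
  }
}

output {
  if "privileged_target" in [tags] {
    stdout { codec => rubydebug }      # codec
  } else if "auth_failure" in [tags] {
    stdout { codec => json_lines }
  }
}
```

Saved to a file, the syntax can be validated with the --config.test_and_exit option listed under the command-line parameters before the pipeline is started.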
Command-line parameters
Execute: -e runs the configuration string that follows -e
bin/logstash -e 'input{stdin{}} output{stdout{}}'
File: --config or -f runs the conf file that follows -f
bin/logstash -f mypipeline.conf
-t, --config.test_and_exit
bin/logstash -f first-pipeline.conf --config.test_and_exit
-r, --config.reload.automatic
bin/logstash -f first-pipeline.conf --config.reload.automatic
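Log: -l
Worker threads: --filterworkers or -w, applies only to filter plugins
Plugins: --pluginpath or -p, followed by the path where the plugins are stored
Debug log output: --verbose or -v prints debugging logs
DEBUG output: -vv
Print version: -V, --version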