ELK: Reading JSON Logs with Logstash and Creating Indices by Type
2016-09-09 15:55
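The goal of this test is to use ELK to process user-defined JSON logs produced by a business application. The PHP test script is as follows:

```php
<?php
// Write 100 login and 100 register records to "testlog", one JSON object per line.
for ($i = 0; $i < 100; $i++) {
    // Login record
    $reg = array(
        'method'        => 'login',
        'user_id'       => rand(1000, 3000),
        'user_name'     => "name_" . rand(1, 3000),
        'level'         => 1,
        'register_time' => time(),
    );
    $str = json_encode($reg);
    file_put_contents("testlog", $str . "\n", FILE_APPEND);

    // Register record
    $reg = array(
        'method'     => 'register',
        'user_id'    => rand(1000, 3000),
        'user_name'  => "name_" . rand(1, 3000),
        'level'      => rand(1, 30),
        'login_time' => time(),
    );
    $str = json_encode($reg);
    file_put_contents("testlog", $str . "\n", FILE_APPEND);
}
```

The loop generates register and login logs and appends them to the testlog file. The result looks like this: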
{"method":"register","user_id":2933,"user_name":"name_91","level":27,"login_time":1470179550}
{"method":"login","user_id":1247,"user_name":"name_979","level":1,"register_time":1470179550}
{"method":"register","user_id":2896,"user_name":"name_1972","level":17,"login_time":1470179550}
{"method":"login","user_id":2411,"user_name":"name_2719","level":1,"register_time":1470179550}
{"method":"register","user_id":1588,"user_name":"name_1484","level":4,"login_time":1470179550}
{"method":"login","user_id":2507,"user_name":"name_1190","level":1,"register_time":1470179550}
{"method":"register","user_id":2382,"user_name":"name_234","level":21,"login_time":1470179550}
{"method":"login","user_id":1208,"user_name":"name_443","level":1,"register_time":1470179550}
{"method":"register","user_id":1331,"user_name":"name_1297","level":3,"login_time":1470179550}
{"method":"login","user_id":2809,"user_name":"name_743","level":1,"register_time":1470179550}
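Create a configuration file under the logstash directory:

```
vim config/json.conf
```

```
input {
  file {
    path => "/home/bona/logstash-2.3.4/testlog"
    start_position => "beginning"
    codec => "json"
  }
}

output {
  elasticsearch {
    hosts => ["192.168.68.135:9200"]
    index => "data_%{method}"
  }
}
```

The key part is the index setting: %{method} is replaced with the value of the method field of each log event.
The logs above therefore create two separate indices, data_login and data_register. Note that index names must be entirely lowercase.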
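Because the index name is built from a field inside the log line, whatever writes to testlog decides which indices get created. The following variant of json.conf is an added example, not part of the original post: it only routes by method when the value is one of the two seen in the sample logs, and sends everything else to a single catch-all index (the name data_unrouted is an assumption made for this example).

```logstash
input {
  file {
    path => "/home/bona/logstash-2.3.4/testlog"
    start_position => "beginning"
    codec => "json"
  }
}

filter {
  # Index names must be lowercase, so normalise the routing field first.
  if [method] {
    mutate { lowercase => ["method"] }
  }
}

output {
  # Allowlist taken from the sample logs on this page: login and register.
  if [method] in ["login", "register"] {
    elasticsearch {
      hosts => ["192.168.68.135:9200"]
      index => "data_%{method}"
    }
  } else {
    # Missing or unexpected method values land here. Without this branch a
    # missing field leaves the %{method} reference unresolved in the index
    # name, and every distinct value in the log creates its own index.
    # "data_unrouted" is a hypothetical name chosen for this example.
    elasticsearch {
      hosts => ["192.168.68.135:9200"]
      index => "data_unrouted"
    }
  }
}
```

Events in data_unrouted are worth reviewing: they are either malformed lines or method values the application was not expected to produce.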
ES has successfully created the indices by method.
Querying with elasticsearch-sql
References:
http://udn.yyuap.com/doc/logstash-best-practice-cn/output/elasticsearch.html
https://github.com/NLPchina/elasticsearch-sql