10,612
社区成员
发帖
与我相关
我的任务
分享logstash如何更新文件到elasticsearch中
有个文件,里面有两列ID(标题id)和CLUSTER_ID(聚类ID),用逗号隔开。此文件每天全量更新一次,id每天有新增的。也有做昨天的id,但对应的CLUSTER_ID有可能会发生变化。
需求:
怎么用logstash监控日志,同步新增id以及修改原有的id的属性信息到elasticsearch中。目前按照现有配置,能解决新增id到elasticsearch。但解决不了已有id的更新问题
以下是logstash的配置文件,请参考:
input {
file {
path => "/home/mysql/test/es_stu.txt"
type => "stu"
start_position => "beginning" #从文件开始处读写
}
}
filter{
mutate{
split=>["message",","]
add_field => {
"sno" => "%{[message][0]}"
}
add_field => {
"name" => "%{[message][1]}"
}
add_field => {
"sex" => "%{[message][2]}"
}
add_field => {
"sage" => "%{[message][3]}"
}
add_field => {
"sdept" => "%{[message][4]}"
}
remove_field => ["message"]
}
}
output{
elasticsearch{
hosts=>["192.168.17.108:9200"]
index => "test_stu"
}
}
需求:
怎么用logstash监控日志,同步新增id以及修改原有的id的属性信息到elasticsearch中。目前按照现有配置,能解决新增id到elasticsearch。但解决不了已有id的更新问题
以下是logstash的配置文件,请参考:
input {
file {
path => "/home/mysql/test/es_stu.txt"
type => "stu"
start_position => "beginning" #从文件开始处读写
}
}
filter{
mutate{
split=>["message",","]
add_field => {
"sno" => "%{[message][0]}"
}
add_field => {
"name" => "%{[message][1]}"
}
add_field => {
"sex" => "%{[message][2]}"
}
add_field => {
"sage" => "%{[message][3]}"
}
add_field => {
"sdept" => "%{[message][4]}"
}
remove_field => ["message"]
}
}
output{
elasticsearch{
hosts=>["192.168.17.108:9200"]
index => "test_stu"
}
}
...全文
请发表友善的回复…
发表回复
weixin_40854474 2019-08-15
- 打赏
- 举报
index => "%{[@metadata][_index]}"为什么我跑出来的索引在kibana查看是@metadata][_index]而不是真实值
善若止水 2018-07-04
- 打赏
- 举报
大家好:
配置文件共享出来,有需要的参考下:
input {
file {
path => "/home/mysql/test/es_stu.txt"
type => "stu"
start_position => "beginning" #从文件开始处读写
}
}
filter{
mutate{
split=>["message",","]
add_field => {
"sno" => "%{[message][0]}"
}
add_field => {
"name" => "%{[message][1]}"
}
add_field => {
"sex" => "%{[message][2]}"
}
add_field => {
"sage" => "%{[message][3]}"
}
add_field => {
"sdept" => "%{[message][4]}"
}
remove_field => ["message"]
}
}
output{
elasticsearch {
hosts=>["192.168.17.108:9200"]
action => "delete"
document_type => "%{[@metadata][_type]}"
document_id => "%{sno}"
index => "%{[@metadata][_index]}"
}
elasticsearch{
hosts=>["192.168.17.108:9200"]
index => "test_stu"
document_type => "stu"
document_id => "%{sno}"
}
}
配置文件共享出来,有需要的参考下:
input {
file {
path => "/home/mysql/test/es_stu.txt"
type => "stu"
start_position => "beginning" #从文件开始处读写
}
}
filter{
mutate{
split=>["message",","]
add_field => {
"sno" => "%{[message][0]}"
}
add_field => {
"name" => "%{[message][1]}"
}
add_field => {
"sex" => "%{[message][2]}"
}
add_field => {
"sage" => "%{[message][3]}"
}
add_field => {
"sdept" => "%{[message][4]}"
}
remove_field => ["message"]
}
}
output{
elasticsearch {
hosts=>["192.168.17.108:9200"]
action => "delete"
document_type => "%{[@metadata][_type]}"
document_id => "%{sno}"
index => "%{[@metadata][_index]}"
}
elasticsearch{
hosts=>["192.168.17.108:9200"]
index => "test_stu"
document_type => "stu"
document_id => "%{sno}"
}
}
