1. install logstash
Refer to the Logstash documentation.
2. logstash example config file
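# Pipeline: receive newline-delimited JSON over TCP, take the event time from
# the timestamp embedded in "message", and append the raw message to an
# hourly log file.
input {
  tcp {
    # Bind to loopback only. Without "host" the tcp input listens on all
    # interfaces (0.0.0.0), and this listener has no authentication or TLS,
    # so anyone who can reach the port could inject events.
    # If remote senders are required, change the address deliberately and
    # put TLS and/or a firewall rule in front of it.
    host => "127.0.0.1"
    port => 12345
    # One JSON document per line, e.g. { "message" : "xxxx" }
    codec => "json_lines"
  }
}

filter {
  # Pull the first ISO8601 timestamp found in "message" into "logdate".
  grok {
    match => ["message", "%{TIMESTAMP_ISO8601:logdate}"]
  }
  # Parse "logdate" and use it as the event time instead of the receive time.
  date {
    match => ["logdate", "yyyy-MM-dd HH:mm:ss.SSS"]
    target => "@timestamp"
  }
  # "logdate" was only a scratch field for the date filter.
  mutate {
    remove_field => ["logdate"]
  }
  # Shift @timestamp forward by 8 hours (8*60*60 seconds) via a temporary
  # "timestamp" field.
  # NOTE(review): after this step @timestamp is no longer the true UTC
  # instant, so correlating these events with other log sources will be off
  # by 8 hours. Presumably this is done so the hourly file name below follows
  # UTC+8 local time - confirm. The date filter's "timezone" option is the
  # usual way to declare the timezone of the source timestamps.
  ruby {
    code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
  }
  ruby {
    code => "event.set('@timestamp',event.get('timestamp'))"
  }
  # Drop the temporary field again.
  mutate {
    remove_field => ["timestamp"]
  }
}

output {
  # Debug view of every event on the console, including @metadata.
  stdout { codec => rubydebug { metadata => true } }
  # One file per hour, named from the (shifted) @timestamp. The path is
  # relative, so it resolves against the directory Logstash is started from.
  # "message" is written verbatim and its content is controlled by whoever
  # can connect to the input above.
  file {
    path => "./logs/%{+YYYY-MM-dd-HH}.log"
    codec => line { format => "%{message}"}
  }
}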
notes:
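- it accepts TCP connections on port 12345. To restrict the listener to localhost, the tcp input needs `host => "127.0.0.1"`; without a `host` setting the plugin listens on all interfaces.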
- uses the codec named json_lines: newline-delimited JSON, such as { "message" : "xxxx" }.
- matches the date pattern in the log message, then uses it as the event's time.
- resets the field @timestamp, then outputs to a local file.