标签:lin line hosts 一个 ESS www follow 启动 host
在存储数据之前,elasticsearch可以使用Ingest Node对数据做预处理。例如grib2-pipeline.json
grok可以使用预定义Patterns(%{Pattern:name}匹配提取字段),也可以直接使用正则表达式(分组命名提取字段)
curl -H ‘Content-Type: application/json‘ -XPUT ‘http://localhost:9200/_ingest/pipeline/grib2‘ -d@grib2-pipeline.json
https://www.elastic.co/guide/en/elasticsearch/reference/6.4/ingest.html
PUT my-index/_doc/my-id?pipeline=my_pipeline_id
{
"foo": "bar"
}
filebeat.inputs:
- type: log
paths:
- /opt/deploy/storm/logs/workers-artifacts/grib2*/*/worker.log
include_lines: [‘ack ‘]
output.elasticsearch:
hosts: ["127.0.0.1:9200"]
pipeline: grib2
index: "grib2-%{+yyyy.MM.dd}"
setup.template.name: "grib2"
setup.template.pattern: "grib2-*"
通过setup.template.name|pattern 和 output.elasticsearch.index配置索引的名称,便于将来的使用。
nohup ./filebeat -c ack.yml &
-c 指定配置文件;nohup & 后台运行;
http://localhost:9200/grib2*/_search
标签:lin line hosts 一个 ESS www follow 启动 host
原文地址:http://blog.51cto.com/dressame/2166174
