
logstash 配置

 
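# Inputs: two sets of tailed log files plus a scheduled MySQL query.
# Every input sets `type`; the filter and output sections route events on that value.
input {
    file {
        type => "fx-czrz"
        path => ["D:/logs1/czrzFile*"]
        # Only affects files Logstash has not tracked before; known files resume from their saved offset.
        start_position => "beginning"
    }
    file {
        type => "fx-ycrz"
        path => "D:/logs2/ycrzFile*"
        start_position => "beginning"
        # Optional: fold lines that start with whitespace into the previous event.
        #codec => multiline{
        #  pattern => "^\s"
        #  what => "previous"
        #}
    }
    jdbc {
        jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test"
        # Credentials are resolved from the Logstash keystore (or the environment) rather than
        # being stored in clear text in this file. MYSQL_USER and MYSQL_PWD are placeholder key
        # names: run `bin/logstash-keystore create`, then `bin/logstash-keystore add MYSQL_USER`
        # and `bin/logstash-keystore add MYSQL_PWD` before starting the pipeline.
        # Use a dedicated account limited to SELECT on the tables the statement reads, not root.
        jdbc_user => "${MYSQL_USER}"
        jdbc_password => "${MYSQL_PWD}"
        jdbc_driver_library => "E:\mysql-driver\mysql-connector-java-5.1.44-bin.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        # Cron-style schedule. Fields from left to right: minute, hour, day of month, month,
        # day of week. All `*` means the statement runs every minute.
        schedule => "* * * * *"
        jdbc_default_timezone => "Asia/Shanghai"
        # Absolute path of the file holding the SQL statement to execute.
        statement_filepath => "e:\ls\sql.sql"
        # With use_column_value disabled, :sql_last_value is the time of the previous run,
        # persisted in last_run_metadata_path between restarts.
        use_column_value  => false
        last_run_metadata_path => "e:\ls\last_run.txt"
        jdbc_paging_enabled => "true"
        jdbc_page_size => "50000"
        # Event type; the output section sends "mysqlrz" events to the mysqlrz_* index.
        type => "mysqlrz"
    }
#       stdin {}  # events can also be read from standard input
}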
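# Parsing for "fx-czrz" events only; other types pass through unchanged.
filter {
    if [type] == "fx-czrz" {
        grok {
            # Patterns are tried in order and the first one that matches wins.
            # The request-detail pattern was listed twice in the original; it is kept once.
            #
            # NOTE(review): as written, the request-detail pattern has no separators between its
            # GREEDYDATA captures. The first capture (qqsj) therefore takes nearly all of the text,
            # ip/zh/xm/url end up empty, and the pattern matches almost any prefixed line, which
            # keeps the "==>" and "<==" patterns below from being reached. The adjacent greedy
            # captures also cost heavy backtracking on long lines. Insert the real field
            # separators from the log format (not visible on this page) between the captures.
            #
            # NOTE(review): params, zh and xm are indexed verbatim. If request parameters can
            # carry passwords or tokens, redact them before the output stage; confirm against
            # the application's log format.
            match => {
                "message" => [
                    "\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:xtlx}\] \[%{DATA:traceId}\] \[%{LOGLEVEL:log_level}\] \[(?<ffmc>(.*))\] %{GREEDYDATA:qqsj}%{GREEDYDATA:ip}%{GREEDYDATA:zh}%{GREEDYDATA:xm}%{GREEDYDATA:url}%{WORD:method}%{GREEDYDATA:params}(?<agent>(.*))",
                    "\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:xtlx}\] \[%{DATA:traceId}\] \[%{LOGLEVEL:log_level}\] \[(?<ffmc>(.*))\] ==>%{GREEDYDATA:message}",
                    "\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:xtlx}\] \[%{DATA:traceId}\] \[%{LOGLEVEL:log_level}\] \[(?<ffmc>(.*))\] <==%{GREEDYDATA:message}",
                    "\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:xtlx}\] \[%{DATA:traceId}\] \[%{LOGLEVEL:log_level}\] \[(?<ffmc>(.*))\] %{GREEDYDATA:message}",
                    "%{GREEDYDATA:message}"
                ]
            }
            # Several patterns capture into the existing `message` field. Without overwrite,
            # grok appends and `message` becomes an array of the raw line plus the capture.
            overwrite => ["message"]
        }
        date {
            # `timestamp` is captured with TIMESTAMP_ISO8601 above, so it has to be parsed as
            # ISO8601. UNIX_MS alone never matched such a value; it is kept as a fallback.
            # NOTE(review): if the logged time carries no zone offset, also set `timezone`
            # (the jdbc input uses Asia/Shanghai); confirm against the log source.
            match => ["timestamp", "ISO8601", "UNIX_MS"]
            # Dropped only when the date was parsed successfully.
            remove_field => "timestamp"
        }
        # Percent-decodes every field of the event. This runs after grok, so parsing sees the
        # raw text; consumers of the indexed data should still treat decoded values as untrusted.
        urldecode {
            all_fields => true
        }
    }
}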
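# Routes each event type to its own Elasticsearch index; events of any other type are not sent.
#
# Credentials are resolved from the Logstash keystore (or the environment) instead of being
# written in clear text here. ES_USER and ES_PWD are placeholder key names: add them with
# `bin/logstash-keystore add ES_USER` and `bin/logstash-keystore add ES_PWD`.
# The original used the built-in `elastic` superuser with a trivial password; prefer a
# dedicated user whose role only allows creating and writing the three index patterns below.
# The host is local plain HTTP; if Elasticsearch moves to another machine, enable TLS on
# these outputs so the credentials are not sent in clear text.
output {
    if [type] == "mysqlrz" {
        elasticsearch {
            hosts => ["localhost:9200"]
            # One index per day.
            index => "mysqlrz_%{+YYYYMMdd}"
            user => "${ES_USER}"
            password => "${ES_PWD}"
        }
    }
    if [type] == "fx-czrz" {
        elasticsearch {
            hosts => ["localhost:9200"]
            # One index per day.
            index => "fx-czrz-%{+YYYYMMdd}"
            user => "${ES_USER}"
            password => "${ES_PWD}"
        }
    }
    if [type] == "fx-ycrz" {
        elasticsearch {
            hosts => ["localhost:9200"]
            # One index per month.
            index => "fx-ycrz-%{+YYYYMM}"
            user => "${ES_USER}"
            password => "${ES_PWD}"
        }
    }
}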
