如何在logstash.conf文件中创建多个索引?
我使用以下代码在logstash.conf中创建索引
output { stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
}
为了创建另一个索引,我通常在上面的代码中用另一个索引名称替换索引名称。有什么办法可以在同一文件中创建许多索引?我是ELK的新手。
回答:
您可以根据其中一个字段的值在索引名称中使用模式。在这里,我们使用type字段的值来命名索引:
output { stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "%{type}_indexer"
}
}
您还可以将多个elasticsearch输出用于同一ES主机或不同ES主机:
output { stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
或者,您可能想根据某个变量将文档路由到不同的索引:
output { stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
} else {
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
}
在Logstash 2和5中,语法有所变化:
output { stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
hosts => "localhost:9200"
index => "trial_indexer"
}
} else {
elasticsearch {
hosts => "localhost:9200"
index => "movie_indexer"
}
}
}
以上是 如何在logstash.conf文件中创建多个索引? 的全部内容, 来源链接: utcz.com/qa/421098.html
