日志采集系统filebeat输出到logstash配置

关于elk框架介绍参考链接：https://www.zybuluo.com/dume2007/note/665868

filebeat输出到logstash(filebeat汇集日志数据到logstash)

filebeat配置：
/etc/filebeat/filebeat.yml


修改配置filebeat.yml：
- input_type: log


  # Paths that should be crawled and fetched. Glob based paths.
  paths:


    - /var/log/*.log
    - /data/gfj/goproject/logs/*.log  #修改扫描输入路径(可以配置多个路径)


     屏蔽elasticsearch 配置
 






启动filebeat:
/etc/init.d/filebeat start


logstash配置：testlogstash.conf
input {
        #file {
        #        path =>  "/data/gfj/goproject/logs/*.log"  #读取本地日志文件(可以配置多个路径)
        #}
     beats {
    port => 5044  #logstash监听端口
  }


}
        
output {
        file {
        #        path => "/data/gfj/goproject/logstash/rtb.log.%{+dd.MM.YYYY.HH}"
    path => "/data/gfj/goproject/logs/loglog/rtb.log.%{+dd.MM.YYYY.HH}"
                codec => line { format => "%{message}"}
        }


}
 
#joda相差8小时,同步时间 
filter {  
  date {   
    match => ["message","UNIX_MS"]
    target => "@timestamp"
  }  
 ruby {
   code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
 }  
 ruby {
   code => "event.set('@timestamp',event.get('timestamp'))"
 }  
 mutate {
   remove_field => ["timestamp"]
 }  
}  




启动logstash:
bin/logstash -f testlogstash.conf