2015-08-28 76 views
1

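logstash: http input only takes the first line (with csv filter)

I am new to the ELK stack and am trying to send monitoring logs over HTTP. I have the following logstash configuration. But it only reads and sends the first line to Elasticsearch, although I send multiple lines in my HTTP POST request body (I use Chrome's DHC plugin to send HTTP requests to logstash). Please help me read the complete data and send it to Elasticsearch.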

input {
    http {
        host => "127.0.0.1" # default: 0.0.0.0
        port => 8081 # default: 8080
        threads => 10
    }
}

filter {
    csv {
        separator => ","
        columns => ["posTimestamp","posCode","logLevel","location","errCode","errDesc","detail"]
    }
    date {
        match => ["posTimestamp", "ISO8601"]
    }
    mutate {
        strip => ["posCode", "logLevel", "location", "errCode", "errDesc"]
        remove_field => ["path", "message", "headers"]
    }
}

output {
    elasticsearch {
        protocol => "http"
        host => "localhost"
        index => "temp"
    }
    stdout {
        codec => rubydebug
    }
}

Sample data:

2015-08-24T05:21:40.468,352701060205140,ERROR,科倫坡,ERR_01,INVALID_CARD,測試POS錯誤
2015-08-24T05:21:41.468,352701060205140,ERROR,科倫坡,ERR_01,INVALID_CARD,測試POS錯誤
2015-08-24T05:23:50.468,352701060205140,ERROR,Colombo,ERR_02
2015-08-24T05:23:40.468,81021320,ERROR,Colombo,ERR_01,INVALID_CARD ,TIME_OUT,測試POS錯誤

Answer

1

Solved this by adding a split filter.

split { }
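
Why the split filter fixes the problem, shown as an added example that is not part of the original post: a small Python model of the pipeline, not Logstash code. The function names and the sample body are constructed for illustration. It assumes the http input turns the whole POST body into one event, the csv filter parses only the first CSV row of `message`, and the split filter emits one event per line.

```python
import csv
import io

# Column names taken from the csv filter in the question's configuration.
COLUMNS = ["posTimestamp", "posCode", "logLevel", "location",
           "errCode", "errDesc", "detail"]

# Constructed sample body: four CSV records sent in one HTTP POST.
BODY = (
    "2015-08-24T05:21:40.468,1001,ERROR,SiteA,ERR_01,INVALID_CARD,first\n"
    "2015-08-24T05:21:41.468,1001,ERROR,SiteA,ERR_01,INVALID_CARD,second\n"
    "2015-08-24T05:23:50.468,1001,ERROR,SiteA,ERR_02\n"
    "2015-08-24T05:23:40.468,1002,ERROR,SiteB,ERR_01,INVALID_CARD,third\n"
)

def http_input(body):
    """Model of the http input: the whole request body becomes one event."""
    return [{"message": body}]

def split_filter(events, terminator="\n"):
    """Model of the split filter: one event per non-empty line of message."""
    out = []
    for ev in events:
        for line in ev["message"].split(terminator):
            if line:
                out.append({**ev, "message": line})
    return out

def csv_filter(events):
    """Model of the csv filter: only the first CSV row of message is parsed."""
    out = []
    for ev in events:
        row = next(csv.reader(io.StringIO(ev["message"])), [])
        # Short rows leave trailing columns unset; extra values are ignored here.
        out.append({**ev, **dict(zip(COLUMNS, row))})
    return out

def run_pipeline(body, with_split):
    events = http_input(body)
    if with_split:
        events = split_filter(events)  # has to run before the csv filter
    return csv_filter(events)

if __name__ == "__main__":
    for flag in (False, True):
        docs = run_pipeline(BODY, with_split=flag)
        print(f"split={flag}: {len(docs)} event(s)", [d["posTimestamp"] for d in docs])
```

In the real configuration the equivalent change is placing `split { }` ahead of `csv { }` inside the `filter` block, since filters run in the order they are listed.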