0

我正在使用 logback 与biz.paluch.logging.gelf.logback.GelfLogbackAppender. 我目前有 3 项服务正在运行,我希望其中 2 项在 logstash 中输出为logstash-ingest,另一个为logstash-digest. 例子:

我希望这两个有索引logstash-ingest

服务1

<!DOCTYPE configuration>

<configuration>
    <contextName>test</contextName>
    <jmxConfigurator/>
    <appender name="gelf" class="biz.paluch.logging.gelf.logback.GelfLogbackAppender">
        <host>udp:localhost</host>
        <port>12201</port>
        <version>1.1</version>
        <extractStackTrace>true</extractStackTrace>
        <filterStackTrace>true</filterStackTrace>
        <timestampPattern>yyyy-MM-dd HH:mm:ss,SSS</timestampPattern>
        <maximumMessageSize>8192</maximumMessageSize>

        <param name="AdditionalFields" value="tag=example1-api,INDEX_PREFIX=ingest" />
        <param name="AdditionalFieldTypes" value="tag=String,INDEX_PREFIX=String" />

        <dynamicMdcFields>(field1|field2)</dynamicMdcFields>
    </appender>

    <logger name="com.example1" level="INFO" />

    <root level="INFO">
        <appender-ref ref="gelf" />
    </root>
</configuration>

服务 2

<!DOCTYPE configuration>

<configuration>
    <contextName>test</contextName>
    <jmxConfigurator/>
    <appender name="gelf" class="biz.paluch.logging.gelf.logback.GelfLogbackAppender">
        <host>udp:localhost</host>
        <port>12201</port>
        <version>1.1</version>
        <extractStackTrace>true</extractStackTrace>
        <filterStackTrace>true</filterStackTrace>
        <timestampPattern>yyyy-MM-dd HH:mm:ss,SSS</timestampPattern>
        <maximumMessageSize>8192</maximumMessageSize>

        <param name="AdditionalFields" value="tag=example2-api,INDEX_PREFIX=ingest" />
        <param name="AdditionalFieldTypes" value="tag=String,INDEX_PREFIX=String" />

        <dynamicMdcFields>(field1|field2)</dynamicMdcFields>
    </appender>

    <logger name="com.example2" level="INFO" />

    <root level="INFO">
        <appender-ref ref="gelf" />
    </root>
</configuration>

第三个logstash-digest

服务 3

<!DOCTYPE configuration>

<configuration>
    <contextName>test</contextName>
    <jmxConfigurator/>
    <appender name="gelf" class="biz.paluch.logging.gelf.logback.GelfLogbackAppender">
        <host>udp:localhost</host>
        <port>12201</port>
        <version>1.1</version>
        <extractStackTrace>true</extractStackTrace>
        <filterStackTrace>true</filterStackTrace>
        <timestampPattern>yyyy-MM-dd HH:mm:ss,SSS</timestampPattern>
        <maximumMessageSize>8192</maximumMessageSize>

        <param name="AdditionalFields" value="tag=example3-api,INDEX_PREFIX=digest" />
        <param name="AdditionalFieldTypes" value="tag=String,INDEX_PREFIX=String" />

        <dynamicMdcFields>(field1|field2)</dynamicMdcFields>
    </appender>

    <logger name="com.example3" level="INFO" />

    <root level="INFO">
        <appender-ref ref="gelf" />
    </root>
</configuration>

这是我的logstash.conf,但我不确定如何配置它以使用INDEX_PREFIX区分这三个服务的输出。

input {

  gelf {
    id => "gelf"
    use_udp => true
    use_tcp => false
  }
}

## filters???

output {
    elasticsearch {
        hosts => ["es01:9200"]
        user => "elastic"
        password => "changeme"
        index => "logstash-{%}" ## what am I missing here?
    }
}
4

1 回答 1

0

我一定是在配置上调整了太久,改变了太多东西,最后不知道什么是真正有效的。第二天,头脑清晰,再次尝试,显然我的问题的答案是index => "logstash-%{INDEX_PREFIX}" 我很确定我尝试过这个,但可能与其他失败的东西结合使用。

于 2021-07-02T11:46:08.063 回答