首先要找到正確的配置檔案
java-app.yml
# Receive application log events over a raw TCP socket.
input {
  tcp {
    # Ports below 1024 are privileged on most Unix-like systems, so binding
    # 1001 usually needs root or an added capability.
    # NOTE(review): confirm how the Logstash process obtains that, or move the
    # listener to an unprivileged port.
    #
    # No bind address, TLS or client-verification options are set here, so the
    # plugin defaults apply (presumably all interfaces, cleartext, no sender
    # authentication -- verify against the installed tcp input). Anything that
    # can reach this port can inject events into the index; restrict it with a
    # bind address or firewall rule if the senders are not local.
    port => 1001
  }
}
# Turn each received line into structured fields, then drop the scratch fields.
filter {
  # Pass 1: try to parse the whole line as JSON.
  json {
    source => "message"
  }

  # Pass 2: strip an optional "[...] --- " prefix and optional trace_id= /
  # span_id= tokens; whatever remains is captured as "msg".
  grok {
    match => { "message" => "(\[%{DATA}\] --- )?(trace_id=%{DATA:trace_id} )?(span_id=%{DATA:span_id} )?%{GREEDYDATA:msg}" }
  }

  # Pass 3: parse the remainder as JSON.
  json {
    source => "msg"
  }

  # Remove the intermediate fields before the event is shipped.
  # NOTE(review): trace_id and span_id are captured above and then removed
  # here, so they never reach the index -- confirm that is intended.
  # NOTE(review): "message" and "msg" are removed unconditionally, so an event
  # whose payload could not be parsed is indexed without its original text.
  # Consider keeping the raw line on parse failure so malformed or unexpected
  # input stays available for troubleshooting and investigation.
  mutate {
    remove_field => ["@version", "message", "msg", "event", "trace_id", "span_id"]
  }
}
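# Ship parsed events to Elasticsearch; echo grok failures locally for debugging.
output {
  # Events tagged as grok failures are also printed to stdout.
  # NOTE(review): only the grok failure tag is checked; events that failed JSON
  # parsing carry a different tag and are not echoed here -- confirm coverage.
  if "_grokparsefailure" in [tags] {
    stdout {
      codec => rubydebug
    }
  }

  elasticsearch {
    # "xxxx" is a placeholder port carried over from the page.
    # No https scheme or TLS options are set; with a non-loopback host the
    # basic-auth credentials below would need an encrypted transport.
    hosts => ["localhost:xxxx"]
    # One index per day.
    index => "java-app-log-%{+YYYY-MM-dd}"
    # "elastic" is the built-in superuser. This output only needs to create and
    # write the java-app-log-* indices, so a dedicated account with a role
    # limited to those privileges is the safer choice.
    user => "elastic"
    # The password was hard-coded in this file. It is now resolved at startup
    # from the Logstash keystore or the process environment. ES_PASSWORD is a
    # placeholder name: create it with `bin/logstash-keystore add ES_PASSWORD`
    # or export it before starting Logstash. A credential that has appeared in
    # a config file or on a public page should be treated as exposed and
    # rotated.
    password => "${ES_PASSWORD}"
    codec => json
  }
}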