# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
# input {
# beats {
# port => 5044
# codec => json
# }
# }
input {
udp {
port => 5044
# codec => json_lines
}
}
filter{
grok {
match => { "message" => "#%{DATA:longdate}#%{DATA:level}#%{DATA:appName}#%{DATA:content}#%{DATA:exception}#%{DATA:stacktrace}#"}
# add_field => [ "appName", "%{appName}" ]
}
}
output {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
# index => "demo-%{+YYYY-MM-dd}"
index => "%{[appName]}-%{+YYYY-MM-dd}"
# 注:[fields][appName] 代表调用fields 中appName字段变量的值为索引。
}
}