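ES（Elasticsearch）里也有了数据，可以用下面的查询确认。注意：URI 查询中按字段限定的写法是 `字段:值`（例如 `q=message:louis`）；下面命令里的 `message=louis` 并不是字段限定语法，命中结果很可能来自对所有字段的全文匹配。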
[root@h102 etc]# curl -XGET 'localhost:9200/logstash-2016.12.23/_search?q=message=louis&pretty'
{
"took" : 5,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 2,
"max_score" : 0.06365098,
"hits" : [ {
"_index" : "logstash-2016.12.23",
"_type" : "syslog",
"_id" : "AVIRvXxq0svkz_zfzuOP",
"_score" : 0.06365098,
"_source":{"message":"Dec 23 12:11:43 louis postfix/smtpd[31499]: connect from unknown[95.75.93.154]\r","@version":"1","@timestamp":"2016-12-23T04:11:43.000Z","host":"0:0:0:0:0:0:0:1","port":45093,"type":"syslog","syslog_timestamp":"Dec 23 12:11:43","syslog_hostname":"louis","syslog_program":"postfix/smtpd","syslog_pid":"31499","syslog_message":"connect from unknown[95.75.93.154]\r","received_at":"2016-01-05T12:22:55.674Z","received_from":"0:0:0:0:0:0:0:1","syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}
}, {
"_index" : "logstash-2016.12.23",
"_type" : "syslog",
"_id" : "AVIRveM80svkz_zfzuOQ",
"_score" : 0.06365098,
"_source":{"message":"Dec 23 14:42:56 louis named[16000]: client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r","@version":"1","@timestamp":"2016-12-23T06:42:56.000Z","host":"0:0:0:0:0:0:0:1","port":45093,"type":"syslog","syslog_timestamp":"Dec 23 14:42:56","syslog_hostname":"louis","syslog_program":"named","syslog_pid":"16000","syslog_message":"client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r","received_at":"2016-01-05T12:23:22.809Z","received_from":"0:0:0:0:0:0:0:1","syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}
} ]
}
}
[root@h102 etc]#