检测配置
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-multiline.conf -t
Configuration OK
[root@h102 etc]#
运行logstash
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-multiline.conf
Settings: Default filter workers: 1
Logstash startup completed
...
...
...
输入测试
随便在终端中贴入一段日志,要求完全覆盖完整的一条,然后观察输出
Tip: 不能正好只贴一条,贴入的内容要完整包含一条记录的首尾。从下面的输出可以看到,事件末尾带上了下一条记录的 "# Time:" 行,这一行也进入了 query 字段,后续对 query 做分析时需要留意。
{
"@timestamp" => "2015-12-16T18:00:59.000Z",
"message" => "# User@Host: taobao[taobao] @ regular_exp [192.168.35.23] Id: 1236\n# Schema: bat_db Last_errno: 0 Killed: 0\n# Query_time: 1.679745 Lock_time: 0.124872 Rows_sent: 0 Rows_examined: 292389 Rows_affected: 1066\n# Bytes_sent: 55\nSET timestamp=1450288859;\ncreate table temp_logstash_regular as\n select t1.user_id, t2.user_key\n from kibana_test_repo as t1\n join users as t2\n on t1.user_id = t2.id\n where t1.notification_ts >= '2015-12-16 00:00:00' and\n t1.notification_ts < '2015-12-17 00:00:00'\n group by t1.user_id;\n# Time: 151217 2:01:01",
"@version" => "1",
"tags" => [
[0] "multiline"
],
"host" => "h102.temp",
"user" => "taobao",
"clienthost" => "regular_exp",
"clientip" => "192.168.35.23",
"id" => 1236,
"schema" => "bat_db",
"lasterrorno" => 0,
"killedno" => 0,
"query_time" => 1.679745,
"lock_time" => 0.124872,
"rows_sent" => 0,
"rows_examined" => 292389,
"rows_affected" => 1066,
"bytes_sent" => 55,
"timestamp" => "1450288859",
"query" => "create table temp_logstash_regular as\n select t1.user_id, t2.user_key\n from kibana_test_repo as t1\n join users as t2\n on t1.user_id = t2.id\n where t1.notification_ts >= '2015-12-16 00:00:00' and\n t1.notification_ts < '2015-12-17 00:00:00'\n group by t1.user_id;\n# Time: 151217 2:01:01",
"action" => "create"
}