input { file { type => "zj_frontend_access" path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"] } file { type => "wj_frontend_access" path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"] } } filter { grok { match =>[ "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)", "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)" ] } geoip { source => "http_x_forwarded_for" target => "geoip" database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float"] convert => [ "request_time", "float"] add_field =>["response_time","%{request_time}"] convert => [ "response_time", "float"] remove_field =>["request_time"] add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ] add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ] } date { match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"] } } output { if [response_time] >= 5 { zabbix { zabbix_host => "[@metadata][zabbix_host]" zabbix_key => "[@metadata][zabbix_key]" zabbix_server_host => "192.168.32.55" zabbix_server_port => "10051" zabbix_value => "message" } } if [type] == "zj_frontend_access" { redis { host => "192.168.32.67" data_type => "list" key => "zj_frontend_access:redis" port=>"6379" password => "1234567" } } else if [type] == "wj_frontend_access"{ redis { host => "192.168.32.67" data_type => "list" key => "wj_frontend_access:redis" port=>"6379" password => "1234567" } } }
logstash 发送慢页面到zabbix告警
转载本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
zabbix发送短信告警脚本
zabbix发送短信
zabbix发送短信告警脚本 -
logstash 发送zabbix告警
[elk@dr-mysql01 test]$ cat t1.conf input { stdin { }}filter { grok { match => [ ...
mysql ruby 主机名 html zabbix