logstash中的类型
- array
- boolean
- bytes
- codec
- hash
- number
- password
- path
- string
array
An array can be a single string value or multiple values. If you specify the same setting multiple times, it appends to the array.
example:
path => [ "/var/log/messages", "/var/log/*.log" ]
path => "/data/mysql/mysql.log"boolean
布尔的,true,false
example:
ssl_enable => truebytes
A bytes field is a string field that represents a valid unit of bytes. It is a convenient way to declare specific sizes in your plugin options. Both SI (k M G T P E Z Y) and Binary (Ki Mi Gi Ti Pi Ei Zi Yi) units are supported. Binary units are in base-1024 and SI units are in base-1000.
codec
指定输入输出的格式
A codec is the name of Logstash codec used to represent the data. Codecs can be used in both inputs and outputs.
Input codecs provide a convenient way to decode your data before it enters the input. Output codecs provide a convenient way to encode your data before it leaves the output. Using an input or output codec eliminates the need for a separate filter in your Logstash pipeline.
Example:
codec => "json"hash
A hash is a collection of key value pairs specified in the format “field1” => “value1”.
hash,键值对,用引号引起来。
example:
match => {
"field1" => "value1"
"field2" => "value2"
...
}password
A password is a string with a single value that is not logged or printed.
和string差不多,不会被输出。
Example:
my_password => "password"number
Numbers must be valid numeric values (floating point or integer).
example:
my_password => "password"Path
A path is a string that represents a valid operating system path.
就是系统路径
A path is a string that represents a valid operating system path.string
A string must be a single character sequence. Note that string values are enclosed in quotes.
字符串,加引号就行。
name => "Hello world"具体可以看原文:http://www.elastic.co/guide/en/logstash/current/configuration.html
熟悉了这些类型以后看其他模块就比较好理解了。
比如说grok 的add_field ,需要hash 类型的参数,那就是下面的格式
filter {
grok {
add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
}
}后记
logstash 是一个非常好的项目,文档全,还有视频,值得学习。