filter json { source => “message” } This mean is Try to use json format transfer log, then put some data to message filed. So some filed just be setting, and some data set to message. ．Use this to check mach and log https://grokconstructor.appspot.com/do/match https://blog.johnwu.cc/article/elk-logstash-grok-filter.html https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns This is geth log for example A： INFO [11-14|09:58:17.730] Generating DAG in progress epoch=1 percentage=99 elapsed=4m8.643s INFO [11-15|01:41:33.455] Generating DAG in progress epoch=1 percentage=9 elapsed=27.

繼續閱讀

https://www.rosehosting.com/blog/install-and-configure-the-elk-stack-on-ubuntu-16-04/ https://www.elastic.co/guide/en/logstash/current/configuration.html https://dotblogs.com.tw/supershowwei/2016/05/25/185741 install finish 1、/etc/logstash/conf.d/ put some logstash conf 2、ubuntu have logstash listen error, so nano /etc/logstash/startup.options LS_USER = root 3、/usr/share/logstash/bin# ./system-install reuse LS_USER for config 注意：  mutate { add_field => { “logTime” => “%{+YYYY-MM-dd} %{time}” }

繼續閱讀