logstash 发送zabbix告警

  • A+
所属分类:elk

[html] view plain copy

  1. [elk@dr-mysql01 test]$ cat t1.conf
  2. input {
  3.     stdin {
  4.     }
  5. }
  6. filter {
  7.     grok {
  8.         match => [
  9.              "message" , "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+

    \s+\"%{WORD:verb}\s+(?<api>(\S+))\?.*\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",

  10.               "message" ,"\s*%{IPORHOST:clientip}\s+\-\s+\-\s+

    \s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",

  11.              "message" ,"\s*%{IPORHOST:clientip}\s+\-\s+\-\s+

    \s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+\-\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}"

  12.         ]
  13.     }
  14.         mutate {
  15.                         convert => [ "request_time", "float"]
  16.                        add_field =>["response_time","%{request_time}"]
  17.                         remove_field =>["request_time"]
  18.                        add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ]
  19.                        add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ]
  20.                 }
  21.    date {
  22.         match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
  23.     }
  24. }
  25. output {
  26. if [response_time] >= 5  {
  27. zabbix {
  28.         zabbix_host => "[@metadata][zabbix_host]"
  29.         zabbix_key => "[@metadata][zabbix_key]"
  30.         zabbix_server_host => "192.168.32.55"
  31.         zabbix_server_port => "10051"
  32.         zabbix_value => "message"
  33.         }
  34. }
  35.  stdout {
  36.                         codec => rubydebug
  37.                 }
  38. }
  39. 这里的 [ "[@metadata][zabbix_host]" , "dr-mysql01" ] host是指zabbix里配置的主机名
  40. [ "[@metadata][zabbix_key]" , "logstash-api-access" ] zabbix 配置的key

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin
ssh

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: