logstash和elasticlog(logstash and elasticlog)

logstash和elasticlog(logstash and elasticlog)

我想用logstash和elasticsearch索引我的日志。

这是我的问题： 我有两个环境：

生产（产品） 用户接受（uat）

我想使用一个elasticsearch集群来存储我的日志。 如何将这两组日志分开？

例如，如果我在端口9092（例如）上打开logstash web ui，我希望能够从我的prod环境中查找日志，如果我在端口9093上打开logstash web ui（例如），我希望能够从我的环境中查找日志。

请问您能告诉我如何实施这个建议？

I want to index my logs with logstash and elasticsearch.

Here is my problem: I have two environments :

production (prod) user acceptance (uat)

I'd like to store my logs using one cluster of elasticsearch. How can I separate these two groups of logs?

For example, if I open the logstash web ui on port 9092(for example), I want to be able to look up logs from my prod environment and if I open logstash web ui on port 9093 (for example) I want to be able to look up logs from my uat environment.

Please can you give me advice of how can I implement this?

最满意答案

将自定义标记应用于日志，因为它们通过grok放入elasticsearch中。 然后，从您的web ui，您可以简单地过滤这些标签，只显示带有这些标签的日志。

Apply custom tags to the logs as they are put into elasticsearch via grok. Then from your web ui, you can simply filter on those tags to only display logs with those tags.