#
input {
  kafka {
    bootstrap_servers => "elk:9092,elk2:9092,elk3:9092"    #zookeeper地址
    topics => ["elk_system"]
    codec => "json"                            #与Shipper端output配置项一致
    consumer_threads => 1                      #消费的线程数
    decorate_events => true                    #在输出消息的时候回输出自身的信息，包括：消费消息的大小、topic来源以>及consumer的group信息。
    type => "logstash_mixins"
  }
}
filter{
    mutate{
        remove_field => ["ecs","cloud","host","@version","input"]
        remove_field => "[agent][version]"
        remove_field => "[agent][ephemeral_id]"
        remove_field => "[agent][id]"
        remove_field => "[agent][type]"
    }
}

output {
  if [type] == "logstash_mixins" {
      elasticsearch {
          action   => "index"
          hosts    => ["elk:9200","elk2:9200","elk3:9200"]                           # The operation on ES
          index    => "%{[fields][type]}-%{+YYYY.MM.dd}"
          user     => "elastic"
          password => "xlFnyMMyZiqjkzLIV5Kd"
      }
  }
}



/usr/local/app/tars/tarsnode/data/Vipthink.CC/bin/log/log_20200721
/usr/local/app/tars/tarsnode/data/Vipthink.BB/bin/log/log_20200721

/usr/local/app/tars/tarsnode/data/Vipthink.SS/bin/log/log_20200721

/usr/local/app/tars/tarsnode/data/Vipthink.DD/bin/log/log_20200721




%{GREEDYDATA}/usr/local/app/tars/tarsnode/data/Vipthink.%{GREEDYDATA:servername}\/bin\/log\/%{GREEDYDATA}