更新

logstash/docker-compose.yml

+version: '3.2'
+
+services:
+  logstash:
+    build:
+      context: logstash/
+      args:
+        ELK_VERSION: $ELK_VERSION
+    volumes:
+      - type: bind
+        source: ./logstash/config/logstash.yml
+        target: /usr/share/logstash/config/logstash.yml
+        read_only: true
+      - type: bind
+        source: ./logstash/pipeline
+        target: /usr/share/logstash/pipeline
+        read_only: true
+    ports:
+      - "5044:5044"
+      - "5000:5000/tcp"
+      - "5000:5000/udp"
+      - "9600:9600"
+    environment:
+      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+    networks:
+      - elk
+networks:
+  elk:
+    driver: bridge
\ No newline at end of file

logstash/logstash/Dockerfile

+ARG ELK_VERSION
+
+# https://www.docker.elastic.co/
+FROM docker.elastic.co/logstash/logstash:7.5.1
+
+# Add your logstash plugins setup here
+# Example: RUN logstash-plugin install logstash-filter-json
\ No newline at end of file

logstash/logstash/config/logstash.yml

+---
+## Default Logstash configuration from Logstash base image.
+## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
+#
+http.host: "0.0.0.0"
+xpack.monitoring.elasticsearch.hosts: [ "http://10.0.5.18:9200" ]
+
+## X-Pack security credentials
+#
+xpack.monitoring.enabled: true
+xpack.monitoring.elasticsearch.username: elastic
+xpack.monitoring.elasticsearch.password: secret #根据环境更改
\ No newline at end of file

logstash/logstash/pipeline/logstash.conf

+input {
+        beats {
+                port => 5000
+        }
+
+}
+
+
+filter {
+
+
+     ruby {
+         code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
+     }
+     ruby {
+         code => "event.set('@timestamp',event.get('timestamp'))"
+     }
+
+    mutate{
+
+     remove_field=>["@version"]
+     remove_field=>["log"]
+     remove_field=>["@version"]
+     remove_field=>["input"]
+     remove_field=>["fields"]
+     remove_field=>["tags"]
+     remove_field=>["host"]
+     remove_field=>["agent"]
+     remove_field=>["ecs"]
+     remove_field=>["timestamp"]
+
+
+    }
+
+}
+
+## Add your filters / logstash plugins configuration here
+
+output {
+
+    if [json][http_activity_id]!="" {
+        elasticsearch {
+                hosts => "10.0.5.18:9200"#根据环境更改
+                user => "elastic"
+                password => "secret" #根据环境更改
+                index=>"visit_logs"   #设置索引名字
+
+
+        }
+    }
+}
\ No newline at end of file