如何在Logstash中编写grok过滤器以接受变量参数

Question

How to write grok filter rule, if message contains transactions of variable arguments. 如果消息包含可变参数的事务，如何编写grok过滤器规则。

For example: 例如：

22-Jun-2015 04:45:56 Transaction for Bill 123 item1=100 item2=200 item3=300
22-Jun-2015 05:45:23 Transaction for Bill 124 item1=200
22-Jun-2015 06:23:36 Transaction for Bill 125 item4=400 item2=200 item1=100 item5=500

We can match date, time, bill # in the above case but how to handle for variable arguments item here. 在上述情况下，我们可以匹配日期，时间，账单号，但此处如何处理可变参数项。

Answer 1

Finally I was able to do that using kv{} option of logstash 最终，我能够使用logstash的kv {}选项做到这一点

For example: 例如：

 item1=100&item2=200&item3=300
 item1=100&item2=200&item3=300&item4=400

I created two messages and then I got the below output; 我创建了两个消息，然后得到以下输出；

{
   "message" => "item1=100&item2=200&item3=300",
  "@version" => "1",
"@timestamp" => "2015-07-04T19:20:15.831Z",
      "host" => "viswesn-PC",
     "item1" => "100",
     "item2" => "200",
     "item3" => "300",
      "tags" => [
          [0] "true"
      ]
}
  {
   "message" => "item1=100&item2=200&item3=300&item4=400",
  "@version" => "1",
"@timestamp" => "2015-07-04T19:20:25.866Z",
      "host" => "viswesn-PC",
     "item1" => "100",
     "item2" => "200",
     "item3" => "300",
     "item4" => "400",
      "tags" => [
         [0] "true"
   ]
}

如何在Logstash中编写grok过滤器以接受变量参数

问题描述

1 个解决方案

解决方案1
0 2015-07-04 19:23:19

如何在Logstash中编写grok过滤器以接受变量参数

问题描述

1 个解决方案

解决方案1 0 2015-07-04 19:23:19

解决方案1
0 2015-07-04 19:23:19