使用Logstash处理基于JSON的日志
[英]Working on JSON based logs using logstash
问题描述
I have a logs which contains logs as following format 
我有一个包含以下格式的日志的日志
{ "start_time" : "12-May-2011", "name" : "this is first heading", "message" : "HELLO this is first message" }
{ "start_time" : "13-May-2011", "name" : "this is second heading", "message" : "HELLO this is second message" }
{ "start_time" : "14-May-2011", "name" : "this is third heading", "message" : "HELLO this is third message" }
...
I am new to logstash, I am currently having an app that is creating this log entries as JSON strings one below the other in that file (say location as /root/applog/scheduler.log) 我是Logstash的新手,我目前有一个应用程序,该应用程序以JSON字符串的形式在该文件的另一个下方创建此日志条目(例如,位置为/root/applog/scheduler.log)。
I m looking for some help on how to parse this json from the logs into different fields to the stdout. 我正在寻找有关如何将json从日志解析到stdout的不同字段中的帮助。 How does the conf file should be. conf文件应该如何。
note: idea is later to use it to kibana for visualization. 注意:后来的想法是将其用于kibana进行可视化。
2 个解决方案
解决方案1
2 已采纳 2015-07-24 07:34:44
Example config: 配置示例:
input {
file {
path => ["/root/applog/scheduler.log"]
codec => "json"
start_position => "beginning" # If your file already exists
}
}
filter { } # Add filters here (optional)
output {
elasticsearch { } # pass the output to ES to prepare visualization with kibana
stdout { codec => "rubydebug" } # If you want to see the result in stdout
}
解决方案2
0 2015-07-23 19:47:34
Logstash包含一个json编解码器 ,它将为您将json拆分为多个字段。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.