ELK LDAP日志过滤
[英]ELK LDAP log filtering
问题描述
Two things: Our logs look like this - 
两件事:我们的日志如下所示-
May 11 06:51:31 ldap slapd[6694]: conn=1574001 op=1 SRCH base="cn=s_02,ou=users,o=meta" scope=0 deref=0 filter="(...)"
I need to 1) take the time stamp and set it to the left column "time" in Kibana's discover panel and 2) take the number after connection and make it a field so as to be able to order them by number.
我需要1)获取时间戳并将其设置在Kibana的发现面板中的左列“时间”中,以及2)连接后获取数字并将其设置为一个字段,以便能够按数字对其进行排序。
I've spent all day researching and date and mutate seem promising, but I haven't been able to get them correctly implemented.
我花了一整天的时间进行研究,并且日期和变异似乎很有前途,但我无法正确实现它们。
The config file looks like this:
配置文件如下所示:
input { file { path => "/Desktop/logs/*.log" type => "log" sincedb_path => "/dev/null" } } output { elasticsearch { hosts => "127.0.0.1" index => "logstash-%{type}-%{+YYYY.MM.dd}" } file { path => "/home/logsOut/%{type}.%{+yyyy.MM.dd.HH.mm}" } }
1 个解决方案
解决方案1
0 2016-05-19 19:48:45
If you only need these two as seperate fields: 如果只需要将这两个字段作为单独的字段:
filter {
grok {
match => {
"message" => [ "%{SYSLOGBASE} conn=%{INT:conn}" ]
}
}
date {
match => [ "timestamp", "MMM dd HH:mm:ss" ]
target => "time"
}
mutate {
convert => { "conn" => "integer" }
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
ELK 与 LDAP 的集成 - Integration between ELK and LDAP
ELK-使用Logstash过滤数据 - ELK - Filtering data with Logstash
苹果系统日志到ELK - Apple System Log to ELK
应用程序日志文件到 ELK - Application log files to ELK
ELK apache spark 应用日志 - ELK apache spark application log
日志存放位置ELK栈 - Log storage location ELK stack
ELK堆栈的日志报告软件 - Log report software for ELK stack
配置ELK + log4j - Configuration ELK + log4j
非HTTP日志的ELK堆栈 - ELK stack for non http log
ELK堆栈中的日志不活动监视 - Log inactivity monitoring in ELK stack
相关标签