我可以使用Kibana解析消息字段
[英]Can I use Kibana to parse the message field
问题描述
We are using ELK and shoving all syslogs into Elasticsearch. 
我们正在使用ELK并将所有系统日志推送到Elasticsearch中。
I have a log type like whose message field looks like: 我有一个类似其消息字段如下所示的日志类型:
"message":"11/04/2016 12:04:09 PM|There are now 8 active connections#015"
I would like to use Kibana to parse the message to get the number of active connections over time and then graph that in Kibana. 我想使用Kibana解析消息以获取一段时间内活动连接的数量,然后在Kibana中绘制该图形。
Am I thinking of how to do this correctly? 我在考虑如何正确执行此操作吗? The reading I've done seems to be telling me to set up a filter in Logstash...but that seems like the wrong place to parse the message field for this single log line type, given the amount of messages/logs and message/log types getting sent through Logstash. 我所做的阅读似乎是在告诉我在Logstash中设置过滤器...但是,鉴于消息/日志和消息/的数量,这似乎是解析此单个日志行类型的消息字段的错误位置。日志类型通过Logstash发送。
Is there a way to parse the message field for this number and then graph that count over time in Kibana? 有没有一种方法可以解析此数字的消息字段,然后在Kibana中绘制随时间变化的图表?
1 个解决方案
解决方案1
1 2016-11-04 18:15:30
Kibana is not meant to do this kind of parsing. Kibana并不是要进行这种解析。 There are a few options you can use: 您可以使用一些选项:
- You could write an analyser that analyses this string. 您可以编写一个分析器来分析此字符串。 It can be done, but I would not do it like this. 可以做到,但我不会这样。
- Use logstash, but you already suggested that yourself. 使用logstash,但是您已经建议了自己。 If you feel log stash is to heavy and you have a choice for the version to use, go for option three. 如果您觉得日志存储量太重,并且可以选择要使用的版本,请选择选项三。
- Use ingest, this is a new feature of elasticsearch. 使用摄取,这是elasticsearch的新功能。 This is kind of a lightweight logstash that comes pre-packaged with elastic, it support patterns with grok that can do this. 这是一种轻量级原木,预包装有松紧带,它支持带有grok的图案,可以做到这一点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.