Grep Json String用于logstash过滤器
[英]Grep Json String for logstash filter
问题描述
I am new to logstash and trying to go through different blogs / links to understand it in detail. 
我是Logstash的新手,并试图通过不同的博客/链接来详细了解它。 I am stuck with a issue where I want to parse Json string which is embedded in a normal string line . 我遇到了一个问题,我想解析嵌入在正常字符串行中的Json字符串。
Input String 输入字符串
2017-01-27 11:54:48 INFO PropertiesReader:33 - {"timestamp":1485518878968,"h":"297268184dde", "l":"INFO", "cN":"org.com.logstash.demo", "mN":"loadProperties", "m":"load property file from /var/tmp/conf"}
I want to extract highlighted Json string and apply Json plug-in on the Json . 我想提取突出显示的Json字符串并在Json上应用Json插件。 How can I achieve this ? 我该如何实现?
1 个解决方案
解决方案1
0 已采纳 2017-02-06 17:09:45
You simply need to use the json filter after your grok filter: 您只需要在grok过滤器之后使用json过滤器:
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:LogDate} %{LOGLEVEL:loglevel} %{WORD:threadName}:%{NUMBER:ThreadID} - %{GREEDYDATA:Line}" ]
}
json {
source => "Line"
}
}
Also note that I've modified your grok pattern a little bit to exclude the - before the JSON data. 还要注意,我对您的grok模式做了一些修改,以排除JSON数据之前的- 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.