堆栈内存溢出
  简体   繁体   English

带有 mutate 的 Logstash JSON 过滤器以添加新字段

[英]Logstash JSON filter with mutate to add new fields

 原文  2019-12-19 20:58:48       json/ filter/ logstash/ kibana

问题描述

I'm trying to fetch data from following log entry using the below logstash config file and filters, but the data isn't fetching from json instead it displays the grok pattern.我正在尝试使用下面的 logstash 配置文件和过滤器从以下日志条目中获取数据,但数据不是从 json 中获取,而是显示了 grok 模式。

Log:日志:

13:41:37.3921 Info {"message":"CTS execution started","level":"Information","logType":"Default","timeStamp":"2019-12-03T13:41:37.3861868-05:00","fingerprint":"29dad848-4ff7-4d2d-905b-460637f3d534","windowsIdentity":"home","machineName":"L02174400","processName":"CTS","processVersion":"1.0.5","jobId":"5bbc492c-bcb7-451f-b6ac-87d9784ad00d","robotName":"home","machineId":0,"fileName":"SendBackReasons(Autosaved)"}

Config:配置:

input{
    file{
        type => "executionlog"
        path => ["c:/users/xyj/appdata/local/uipath/logs/*[^W]_execution.log"]
            start_position => "beginning"
            sincedb_path => "c:/dbfile" 
              }
}

filter{
    grok{
        match => { "message" => ["(?<id>[\d\:\.]+)\s%{LOGLEVEL:level} %{GREEDYDATA:json-data}"]
              }
         }

    json{
        source => "json_data"
        target => "parsed_json"
            }
        mutate{
            add_field => {
                    "Info1" => "%{[json_data][message]}" #i tried parsed_json as well here
                    "level2" => "%{[json_data][level]}"

                    }
            }
    }
output{
    elasticsearch{
            hosts=>["http://localhost:9200"]
            index=> "uipathexecutionlog"
               }
               stdout{}
}

Kibana output: Kibana output Kibana 输出: Kibana 输出

1 个解决方案

解决方案1
 2 已采纳  2019-12-20 11:06:12

Try the below code,试试下面的代码,

filter{
    grok{
        match => { "message" => ["(?<id>[\d\:\.]+)\s%{LOGLEVEL:level} %{GREEDYDATA:json-data}"]
              }
         }

    json{
        source => "json-data"
        target => "parsed_json"
            }
        mutate{
            add_field => {
                    "Info1" => "%{[parsed_json][message]}" 
                    "level2" => "%{[parsed_json][level]}"

                    }
            }
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 logstash动态解析json以在输出中添加新字段 - logstash parse dynamically json to add new fields in the output logstash json过滤器未解析获取_jsonparsefailure的字段 - logstash json filter not parsing fields getting _jsonparsefailure Logstash json过滤器解析的字段无法在Logstash中读取 - Logstash json filter parsed fields cannot be read within logstash 是否可以使用 mutate 将 json 日志中的嵌套 json 字段值拆分为 logstash 过滤中的其他子字段? - is it possible to split a nested json field value in json log into further sub fields in logstash filtering using mutate? Logstash筛选器解析json文件结果为双字段 - Logstash filter parse json file result a double fields 在logstash中过滤json - filter json in logstash Grep Json String用于logstash过滤器 - Grep Json String for logstash filter logstash过滤器将文本添加到输出 - logstash filter add text to output 将新字段添加到JSONB中的嵌套JSON数组 - Add new fields to nested JSON array in JSONB logstash 聚合过滤器插件中的嵌套 json 对象 - Nested json objects in logstash aggregate filter plugin
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM