logstash _grokparsefailure 用于非常简单的标记
[英]logstash _grokparsefailure for realy simple tag
问题描述
I don't understand why I have a grokparse failure for this simple config :
我不明白为什么这个简单的配置会出现 grokparse 失败:
input {
file {
path => "/var/log/*.log"
codec => json {
}
}
}
filter {
grok {
add_tag => ["test"]
}
}
output {
elasticsearch {
/.../
}
}
The logs are correcly sent to elasticsearch, the json is correcly parsed, but the added tag don't work, instead I have a tag "_grokparsefailure".日志被正确发送到elasticsearch,json被正确解析,但添加的标签不起作用,而是我有一个标签“_grokparsefailure”。 What I want is to pass a static value as a tag.我想要的是传递一个静态值作为标签。
I am surely missing something dumb, but I can't find what.我肯定错过了一些愚蠢的东西,但我找不到什么。
1 个解决方案
解决方案1
0 已采纳 2020-04-03 03:27:24
Your grok filter does nothing, there is no pattern to match, the tag would only be applied after a successful match.您的grok过滤器不执行任何操作,没有要匹配的模式,只有在成功匹配后才会应用标签。
To add a tag in your case you can use the tags option in your input or the mutate filter.要在您的案例中添加标签,您可以在输入或mutate过滤器中使用tags选项。
To use the tags option just add change your input to this one:要使用tags选项,只需将您的输入添加到此选项:
input {
file {
path => "/var/log/*.log"
codec => json
tags => ["test"]
}
}
To use the mutate filter, put the bellow config inside your filter block.要使用mutate过滤器,请将波纹管配置放在filter块中。
mutate {
add_tag => ["test"]
}
Both configurations will add a test tag to all your messages.这两种配置都会为您的所有消息添加一个test标签。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.