
Filter message body in elastic search using Kibana

I have JSON in Kibana UI containing below information along with other details:

host.name       abcd

 message        2020-07-29 03:59:19,393 -0700 INFO  [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw 
                CLIENT_ID=MNOPQR xysbxs

I want to filter only the part CLIENT_ID=MNOPQR as search result in Kibana. Basically I want to get all the client_id names on the host abcd.

Is it possible to get the data?

Kibana's query language is based on Lucene query syntax. You should be able to filter the host.name field with the exact hostname you're after and wildcard the message similarly to below:

host.name: "abcd" AND message: *CLIENT_ID=MNOPQR*

You need to filter for host.name='abcd'

Then using the pipeline processors you can extract the client id like below:

POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "parse multiple patterns",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [ "CLIENT_ID=%{NOTSPACE:client_value}" ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs"
      }
    }
  ]
}

And the result is 

{
  "docs" : [
    {
      "doc" : {
        "_index" : "_index",
        "_type" : "_doc",
        "_id" : "_id",
        "_source" : {
          "message" : "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs",
          "client_value" : "MNOPQR"
        },
        "_ingest" : {
          "timestamp" : "2020-07-29T18:25:29.07763Z"
        }     
      }
    }
  ]
}
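
The simulate call above only tests the pattern. As an added example that is not part of the original answers, the Console requests below store the same grok processor as a pipeline, apply it to existing documents, and list every distinct client ID seen on host abcd. The pipeline id `extract-client-id` and index name `app-logs` are hypothetical; the example assumes `host.name` is mapped as `keyword` and that `client_value` receives the default dynamic mapping (a `text` field with a `.keyword` sub-field).

```console
# 1. Store the grok processor as a named pipeline (hypothetical id: extract-client-id).
#    ignore_failure keeps documents whose message has no CLIENT_ID= token
#    instead of rejecting them when the pattern does not match.
PUT _ingest/pipeline/extract-client-id
{
  "description": "extract CLIENT_ID from message",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [ "CLIENT_ID=%{NOTSPACE:client_value}" ],
        "ignore_failure": true
      }
    }
  ]
}

# 2. Re-process documents already indexed for host abcd (hypothetical index: app-logs).
#    Assumes host.name is a keyword field, so the term query matches exactly.
POST app-logs/_update_by_query?pipeline=extract-client-id
{
  "query": { "term": { "host.name": "abcd" } }
}

# 3. List the distinct client IDs on host abcd with their document counts.
#    Assumes client_value was dynamically mapped as text with a .keyword sub-field;
#    if your template maps strings as keyword, aggregate on client_value directly.
GET app-logs/_search
{
  "size": 0,
  "query": {
    "bool": { "filter": [ { "term": { "host.name": "abcd" } } ] }
  },
  "aggs": {
    "client_ids": {
      "terms": { "field": "client_value.keyword", "size": 1000 }
    }
  }
}
```

The distinct values come back under `aggregations.client_ids.buckets`; for new documents, pass `?pipeline=extract-client-id` on the index request so the field is extracted at ingest time.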
