在 logstash 中过滤日志并保存到 Elastic Search
[英]Filter logs in logstash and save to Elastic Search
问题描述
I am dumping all my logs into Elastic Search.
我将所有日志都转储到 Elastic Search 中。 It looks like.看起来像。
Now I want:现在我想要:
- Only limited fields should be pushed to ES.只有有限的字段应该被推送到 ES。
- Parse message part and add another field
log.level:and save the value INFO/DEBUG/ERROR from the message field.解析消息部分并添加另一个字段log.level:并保存消息字段中的值 INFO/DEBUG/ERROR。
Can anyone help me to do that.谁能帮我做到这一点。 I am new to Elastic.我是弹性新手。
My logstash.conf is我的 logstash.conf 是
input {
beats {
port => 5044
}
}
output {
if [agent][hostname]=="TEST-PC"{
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "INDEXNAME"
user => "elastic"
password => "password"
}
}
}
1 个解决方案
解决方案1
0 2020-12-22 00:01:11
Add this filter section to your logstash config file.将此过滤器部分添加到您的 logstash 配置文件中。
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601}\s\[%{NOTSPACE:Meta}\]\s%{WORD:Logtype}\s%{GREEDYDATA:Log_Message}" }
}
if "INFO" in [Logtype] {
drop{}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何将Logstash日志缓冲到弹性搜索 - How to buffer logstash logs to elastic search
使用Logstash将日志发送到弹性搜索 - Sending logs to elastic search using logstash
使用弹性搜索/ kibana / logstash集中pm2日志 - Centralizing pm2 logs with elastic search/kibana/logstash
Logstash弹性搜索 - Logstash-Elastic search
根据唯一的 Trace Id 组合 Filebeat 日志以传送到 Elastic Search(无 Logstash) - Combine Filebeat Logs to ship to Elastic Search based on unique Trace Id (Without Logstash)
Logstash未在弹性搜索中创建索引 - Logstash is not creating index in elastic search
使用logstash和弹性搜索进行自定义解析 - custom parse with logstash and elastic search
弹性搜索+LogStash无法连接 - Elastic search + LogStash cannot connect
Logstash 不向弹性搜索发送数据 - Logstash not sending data to elastic search
Logstash不会与Elastic Search交谈 - Logstash wont talk to Elastic Search
相关标签