堆棧內存溢出
  簡體   English   中英

Logstash csvparsefailure和dateparsefailure

[英]Logstash csvparsefailure and dateparsefailure

 原文  2017-02-20 03:53:34       php/ logstash

問題描述

我正在使用此過濾器來解析我從php文件生成的某些csv數據。 我正在從名為msi afterburner的gpu監視工具獲取輸出,該工具輸出.hml文件。 有大量的空格和無關的標頭,我的php文件將其刪除並輸出以逗號分隔的值。 

 filter 
    {
        csv 
        {
            columns => ["somename","@timestamp","cpu.avg.temp","gpu.temp","fan.speed","gpu.usage","bus.usage","fan.tachometer","clock.core","framerate.hz","framerate.ms","cpu.temp.1","cpu.temp.2","cpu.temp.3","cpu.temp.4"]
            separator => ","
            skip_empty_columns => "true"
        }
        mutate 
        {
            convert => ["somename","integer"]
            convert => ["cpu.avg.temp","float"]
            convert => ["gpu.temp","float"]
            convert => ["fan.speed","float"]
            convert => ["gpu.usage","float"]
            convert => ["bus.usage","float"]
            convert => ["fan.tachometer","float"]
            convert => ["clock.core", "float"]
            convert => ["framerate.hz","float"]
            convert => ["framerate.ms","float"]
            convert => ["cpu.temp.1","float"]
            convert => ["cpu.temp.2","float"]
            convert => ["cpu.temp.3","float"]
            convert => ["cpu.temp.4","float"]
        }
        date 
        {
            match => ["@timestamp", "dd-MM-yyyyHH:mm:ss"]
        }
    }

這是輸出logstash扔給我的。 我想知道這是由於我的日期格式錯誤,還是在消息末尾出現一個特殊字符'\\ r'。 我想知道logstash是否甚至可以讀取dd-MM-yyyyHH:mm:ss格式,其中年和小時緊密結合在一起,否則我可能會遇到麻煩。 

{
          "path" => "C:\\Users\\Public\\Documents\\gpumetrics.csv",
      "somename" => 80,
    "@timestamp" => 2017-02-20T02:33:10.764Z,
      "@version" => "1",
          "host" => "DESKTOP-Q8UEATO",
       "message" => "80,19-02-201721:33:10,32.000,41.000,0.000,0.000,0.000,0.000,215.000,0.000,0.000,31.000,32.000,30.000,31.000\r",
          "type" => "csv",
          "tags" => [
        [0] "_csvparsefailure",
        [1] "_dateparsefailure"
    ]
}

這是我的日志文件中的一些示例行。 您可能會注意到,時間戳記之前有一個字段。 我想知道是否允許這樣做。 

80,19-02-201713:20:32,44.000,43.000,0.000,0.000,0.000,0.000,215.000,,,37.000,42.000,41.000,38.000
80,19-02-201713:20:33,47.000,43.000,0.000,0.000,0.000,0.000,215.000,,,46.000,47.000,45.000,44.000
80,19-02-201713:20:34,53.000,43.000,0.000,0.000,0.000,0.000,215.000,,,35.000,50.000,36.000,37.000
80,19-02-201713:20:35,37.000,43.000,0.000,0.000,0.000,0.000,215.000,,,37.000,37.000,37.000,34.000
80,19-02-201713:20:36,34.000,44.000,0.000,0.000,0.000,0.000,1582.000,0.000,0.000,39.000,34.000,33.000,36.000
80,19-02-201713:20:37,46.000,44.000,0.000,0.000,0.000,0.000,1582.000,0.000,0.000,45.000,37.000,43.000,37.000

1 個解決方案

解決方案1
 1 已采納  2017-02-20 05:18:34

您可以通過更改timestamp變量的名稱非常簡單地解決問題,因為@timestamp是在解析行之前在內部創建的。 

filter 
    {
        csv 
        {
                               remove the @
                                    |
                                    v
            columns => ["somename","timestamp","cpu.avg.temp","gpu.temp","fan.speed","gpu.usage","bus.usage","fan.tachometer","clock.core","framerate.hz","framerate.ms","cpu.temp.1","cpu.temp.2","cpu.temp.3","cpu.temp.4"]
            separator => ","
            skip_empty_columns => "true"
        }
        ...
        date 
        {
            match => ["timestamp", "dd-MM-yyyyHH:mm:ss"]
                       ^
                       |
                  remove the @
        }
    }

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 將表單輸入日志記錄到Logstash 帶有logstash的laravel日志系統 如何使用PHP腳本測試logstash 通過exec PHP執行Logstash Elasticsearch的Logstash couchdb_changes插件 什么是從PHP存儲Logstash日志的最簡單方法
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM