使用Logstash自動解析日志字段
[英]Automatically parse logs fields with Logstash
問題描述
假設我有這種日志:
6月2日00:00:00 192.168.14.4日期= 2016-06-01時間= 23:56:05 devname = POPB-FW-01 devid = FG1K2D3I14800220 logid = 1059028704 type = utm subtype = app-ctrl eventtype = app-ctrl -all level = information vd =“ root” appid = 40568 user =“” srcip = 10.20.4.35 srcport = 52438 srcintf =“ VRF-PUBLIC” dstip = 125.209.230.238 dstport = 443 dstintf =“ OUT” proto = 6 service = “ HTTPS” sessionid = 424666004 applist =“所有監視器” appcat =“ Web.Others” app =“ HTTPS.BROWSER” action = pass hostname =“ lcs.naver.com” url =“ /” msg =“ Web.Others :HTTPS.BROWSER,“ apprisk = medium
因此,使用下面的代碼,我可以在未來的彈性字段中正則化時間戳記和ip:
filter {
grok {
match => {"message" => "%{SYSLOGTIMESTAMP:timestamp} %{client}" }
}
}
現在,如何自動獲取其余日志的字段? 有沒有簡單的說法:
“ =“之前的內容是字段名稱,之后的內容是值。
因此,我可以為每個日志行的許多字段獲取具有彈性索引的JSON:
{
"path" => "C:/Users/yoyo/Documents/yuyu/temp.txt", "@timestamp" => 2017-11-29T10:50:18.947Z, "@version" => "1", "client" => "192.168.14.4", "timestamp" => "Jun 2 00:00:00", "date" => "2016-06-01", "time" => "23:56:05", "devname" => "POPB-FW-01 ", "devid" => "FG1K2D3I14800220", etc,...}
提前致謝
1 個解決方案
解決方案1
1 已采納 2017-11-29 11:10:22
好吧,我真的很傻
這很容易,而不是在Google上搜索如何匹配等於,我只需要搜索與logstash匹配的鍵值。
所以我只需要寫:
filter {
kv {
}
}
完成了!
抱歉
解析並轉發詹金斯構建日志到logstash / elastricsearch
[英]Parse and forward jenkins build logs to logstash/ elastricsearch
如何解析和提取特定字段並將其存儲到logstash過濾器的另一個字段中?
[英]how to parse and extract specific fields and store it into another field in logstash filter?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.