帶有 mutate 的 Logstash JSON 過濾器以添加新字段
[英]Logstash JSON filter with mutate to add new fields
問題描述
我正在嘗試使用下面的 logstash 配置文件和過濾器從以下日志條目中獲取數據,但數據不是從 json 中獲取,而是顯示了 grok 模式。
日志:
13:41:37.3921 Info {"message":"CTS execution started","level":"Information","logType":"Default","timeStamp":"2019-12-03T13:41:37.3861868-05:00","fingerprint":"29dad848-4ff7-4d2d-905b-460637f3d534","windowsIdentity":"home","machineName":"L02174400","processName":"CTS","processVersion":"1.0.5","jobId":"5bbc492c-bcb7-451f-b6ac-87d9784ad00d","robotName":"home","machineId":0,"fileName":"SendBackReasons(Autosaved)"}
配置:
input{
file{
type => "executionlog"
path => ["c:/users/xyj/appdata/local/uipath/logs/*[^W]_execution.log"]
start_position => "beginning"
sincedb_path => "c:/dbfile"
}
}
filter{
grok{
match => { "message" => ["(?<id>[\d\:\.]+)\s%{LOGLEVEL:level} %{GREEDYDATA:json-data}"]
}
}
json{
source => "json_data"
target => "parsed_json"
}
mutate{
add_field => {
"Info1" => "%{[json_data][message]}" #i tried parsed_json as well here
"level2" => "%{[json_data][level]}"
}
}
}
output{
elasticsearch{
hosts=>["http://localhost:9200"]
index=> "uipathexecutionlog"
}
stdout{}
}
Kibana 輸出: Kibana 輸出
1 個解決方案
解決方案1
2 已采納 2019-12-20 11:06:12
試試下面的代碼,
filter{
grok{
match => { "message" => ["(?<id>[\d\:\.]+)\s%{LOGLEVEL:level} %{GREEDYDATA:json-data}"]
}
}
json{
source => "json-data"
target => "parsed_json"
}
mutate{
add_field => {
"Info1" => "%{[parsed_json][message]}"
"level2" => "%{[parsed_json][level]}"
}
}
}
logstash json過濾器未解析獲取_jsonparsefailure的字段
[英]logstash json filter not parsing fields getting _jsonparsefailure
Logstash json過濾器解析的字段無法在Logstash中讀取
[英]Logstash json filter parsed fields cannot be read within logstash
是否可以使用 mutate 將 json 日志中的嵌套 json 字段值拆分為 logstash 過濾中的其他子字段?
[英]is it possible to split a nested json field value in json log into further sub fields in logstash filtering using mutate?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
logstash動態解析json以在輸出中添加新字段
logstash json過濾器未解析獲取_jsonparsefailure的字段
Logstash json過濾器解析的字段無法在Logstash中讀取
是否可以使用 mutate 將 json 日志中的嵌套 json 字段值拆分為 logstash 過濾中的其他子字段?
Logstash篩選器解析json文件結果為雙字段
在logstash中過濾json
Grep Json String用於logstash過濾器
logstash過濾器將文本添加到輸出
將新字段添加到JSONB中的嵌套JSON數組
logstash 聚合過濾器插件中的嵌套 json 對象
相關標簽