Fatal编程技术网
  • csv/
  • logstash:http输入只接受第一行(使用csv过滤器)

logstash:http输入只接受第一行(使用csv过滤器)

csv

logstash:http输入只接受第一行(使用csv过滤器),csv,elastic-stack,Csv,Elastic Stack,我是elk stack的新手,尝试监视通过http发送的日志。我有下面的日志存储配置。但它只读取并发送第一行到elastic search,尽管我在http POST请求正文中发送了多行(Im使用chromes DHC插件将http请求发送到logstash)。请帮助我阅读完整数据并将其发送到elastic search input { http { host => "127.0.0.1" # default: 0.0.0.0 port => 8081 # def

我是elk stack的新手,尝试监视通过http发送的日志。我有下面的日志存储配置。但它只读取并发送第一行到elastic search,尽管我在http POST请求正文中发送了多行(Im使用chromes DHC插件将http请求发送到logstash)。请帮助我阅读完整数据并将其发送到elastic search

input {
  http {
    host => "127.0.0.1" # default: 0.0.0.0
    port => 8081 # default: 8080
    threads => 10
  }
}

filter {
  csv {
      separator => ","
      columns => ["posTimestamp","posCode","logLevel","location","errCode","errDesc","detail"]
  }
  date {
    match => ["posTimestamp", "ISO8601"]
  }
  mutate {
     strip => ["posCode", "logLevel", "location", "errCode", "errDesc" ]
     remove_field => [ "path", "message", "headers" ]
  }
}

output { 
    elasticsearch {
      protocol => "http"
      host => "localhost"
      index => "temp"
    }
    stdout { 
        codec => rubydebug
    }
}
样本数据: 2015-08-24T05:21:40.468352701060205140,错误,科伦坡,错误01,无效卡,测试POS错误 2015-08-24T05:21:41.468352701060205140,错误,科伦坡,错误01,无效卡,测试POS错误 2015-08-24T05:23:40.46881021320,错误,科伦坡,错误01,无效卡,测试POS错误
2015-08-25T05:23:50.468352701060205140,错误,科伦坡,错误02,超时,测试POS错误

通过添加拆分过滤器解决了这个问题

分裂{ }