elasticsearch 如何处理输入文件logstash中的特殊字符
使用logstash推送麋鹿时,我的数据有问题。 这是我的输入文件elasticsearch 如何处理输入文件logstash中的特殊字符,elasticsearch,logstash,elk,elasticsearch,Logstash,Elk,使用logstash推送麋鹿时,我的数据有问题。 这是我的输入文件 input { file { path => ["C:/Users/HoangHiep/Desktop/test17.txt"] type => "_doc" start_position => beginning } } filter { dissect {
input {
file {
path => ["C:/Users/HoangHiep/Desktop/test17.txt"]
type => "_doc"
start_position => beginning
}
}
filter {
dissect {
mapping => {
"message" => "%{word}"
}
}
}
output {
elasticsearch{
hosts => ["localhost:9200"]
index => "test01"
}
stdout { codec => rubydebug}
}
我的数据是
"day la text"
这是输出
{
"host" => "DESKTOP-T41GENH",
"path" => "C:/Users/HoangHiep/Desktop/test17.txt",
"@timestamp" => 2020-01-15T10:04:52.746Z,
"@version" => "1",
"type" => "_doc",
"message" => "\"day la text\"\r",
"word" => "\"day la text\"\r"
}
有没有办法处理字符(“)。
我希望“单词”就像“day la text\r”没有字符“
谢谢大家。如果这项更改对您有效,我可以解释更多。我之所以这么说,是因为我有最新的mac电脑,所以在我的邮件中看不到尾随的
\r
输入的内容与您的一样“day la text”
回应是
{
"@timestamp" => 2020-01-15T15:01:58.828Z,
"@version" => "1",
"headers" => {
"http_version" => "HTTP/1.1",
"request_method" => "POST",
"http_accept" => "*/*",
"accept_encoding" => "gzip, deflate",
"postman_token" => "5ae8b2a0-2e94-433c-9ecc-e415731365b6",
"cache_control" => "no-cache",
"content_type" => "text/plain",
"connection" => "keep-alive",
"http_user_agent" => "PostmanRuntime/7.21.0",
"http_host" => "localhost:8080",
"content_length" => "13",
"request_path" => "/"
},
"host" => "0:0:0:0:0:0:0:1",
"message" => "day la text" <===== see the extra inbuilt `\"` gone.
}
{
“@timestamp”=>2020-01-15T15:01:58.828Z,
“@version”=>“1”,
“标题”=>{
“http_版本”=>“http/1.1”,
“请求方法”=>“发布”,
“http_accept”=>“*/*”,
“接受_编码”=>“gzip,放气”,
“邮递员令牌”=>“5ae8b2a0-2e94-433c-9ecc-e415731365b6”,
“缓存控制”=>“无缓存”,
“内容类型”=>“文本/普通”,
“连接”=>“保持活动状态”,
“http_用户_代理”=>“PostmanRuntime/7.21.0”,
“http_主机”=>“本地主机:8080”,
“内容长度”=>“13”,
“请求路径”=>“/”
},
“主机”=>“0:0:0:0:0:0:0:0:1”,
“message”=>“day la text”我按照您的建议执行,但它不起作用。实际上,我希望处理引号。因为kibana的输出有“”。kibana的数据示例将显示为。word:“day la text”。我只需要文本=>day la text。好的,我以为您只需要删除最后一个引号。让我修改代码以删除第一个引号,同时查看我对gsub
块所做的更改。我删除了$
以不仅仅选择结尾\”
,而是同时选择两者
{
"@timestamp" => 2020-01-15T15:01:58.828Z,
"@version" => "1",
"headers" => {
"http_version" => "HTTP/1.1",
"request_method" => "POST",
"http_accept" => "*/*",
"accept_encoding" => "gzip, deflate",
"postman_token" => "5ae8b2a0-2e94-433c-9ecc-e415731365b6",
"cache_control" => "no-cache",
"content_type" => "text/plain",
"connection" => "keep-alive",
"http_user_agent" => "PostmanRuntime/7.21.0",
"http_host" => "localhost:8080",
"content_length" => "13",
"request_path" => "/"
},
"host" => "0:0:0:0:0:0:0:1",
"message" => "day la text" <===== see the extra inbuilt `\"` gone.
}