elasticsearch 如何处理输入文件logstash中的特殊字符,elasticsearch,logstash,elk,elasticsearch,Logstash,Elk" /> elasticsearch 如何处理输入文件logstash中的特殊字符,elasticsearch,logstash,elk,elasticsearch,Logstash,Elk" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch 如何处理输入文件logstash中的特殊字符

elasticsearch 如何处理输入文件logstash中的特殊字符

logstash

elasticsearch 如何处理输入文件logstash中的特殊字符,elasticsearch,logstash,elk,elasticsearch,Logstash,Elk,使用logstash推送麋鹿时,我的数据有问题。 这是我的输入文件 input { file { path => ["C:/Users/HoangHiep/Desktop/test17.txt"] type => "_doc" start_position => beginning } } filter { dissect {

使用logstash推送麋鹿时,我的数据有问题。 这是我的输入文件

input {
        file {
                path => ["C:/Users/HoangHiep/Desktop/test17.txt"]
                type => "_doc"
                start_position => beginning
        }
}
filter {
    dissect {
        mapping => {
            "message" => "%{word}"
        }
    }
}
output {
        elasticsearch{
                hosts => ["localhost:9200"]
                index => "test01"
        }
        stdout { codec => rubydebug}
}
我的数据是

"day la text"
这是输出

{
          "host" => "DESKTOP-T41GENH",
          "path" => "C:/Users/HoangHiep/Desktop/test17.txt",
    "@timestamp" => 2020-01-15T10:04:52.746Z,
      "@version" => "1",
          "type" => "_doc",
       "message" => "\"day la text\"\r",
          "word" => "\"day la text\"\r"
}
有没有办法处理字符(“)。 我希望“单词”就像“day la text\r”没有字符“

谢谢大家。

如果这项更改对您有效,我可以解释更多。我之所以这么说,是因为我有最新的mac电脑,所以在我的邮件中看不到尾随的
\r

输入的内容与您的一样
“day la text”

回应是

{
    "@timestamp" => 2020-01-15T15:01:58.828Z,
      "@version" => "1",
       "headers" => {
           "http_version" => "HTTP/1.1",
         "request_method" => "POST",
            "http_accept" => "*/*",
        "accept_encoding" => "gzip, deflate",
          "postman_token" => "5ae8b2a0-2e94-433c-9ecc-e415731365b6",
          "cache_control" => "no-cache",
           "content_type" => "text/plain",
             "connection" => "keep-alive",
        "http_user_agent" => "PostmanRuntime/7.21.0",
              "http_host" => "localhost:8080",
         "content_length" => "13",
           "request_path" => "/"
    },
          "host" => "0:0:0:0:0:0:0:1",
        "message" => "day la text"   <===== see the extra inbuilt `\"` gone.
}

{
“@timestamp”=>2020-01-15T15:01:58.828Z,
“@version”=>“1”,
“标题”=>{
“http_版本”=>“http/1.1”,
“请求方法”=>“发布”,
“http_accept”=>“*/*”,
“接受_编码”=>“gzip,放气”,
“邮递员令牌”=>“5ae8b2a0-2e94-433c-9ecc-e415731365b6”,
“缓存控制”=>“无缓存”,
“内容类型”=>“文本/普通”,
“连接”=>“保持活动状态”,
“http_用户_代理”=>“PostmanRuntime/7.21.0”,
“http_主机”=>“本地主机:8080”,
“内容长度”=>“13”,
“请求路径”=>“/”
},
“主机”=>“0:0:0:0:0:0:0:0:1”,

“message”=>“day la text”我按照您的建议执行,但它不起作用。实际上,我希望处理引号。因为kibana的输出有“”。kibana的数据示例将显示为。word:“day la text”。我只需要文本=>day la text。好的,我以为您只需要删除最后一个引号。让我修改代码以删除第一个引号,同时查看我对
gsub
块所做的更改。我删除了
$
以不仅仅选择结尾
\”
,而是同时选择两者

{
    "@timestamp" => 2020-01-15T15:01:58.828Z,
      "@version" => "1",
       "headers" => {
           "http_version" => "HTTP/1.1",
         "request_method" => "POST",
            "http_accept" => "*/*",
        "accept_encoding" => "gzip, deflate",
          "postman_token" => "5ae8b2a0-2e94-433c-9ecc-e415731365b6",
          "cache_control" => "no-cache",
           "content_type" => "text/plain",
             "connection" => "keep-alive",
        "http_user_agent" => "PostmanRuntime/7.21.0",
              "http_host" => "localhost:8080",
         "content_length" => "13",
           "request_path" => "/"
    },
          "host" => "0:0:0:0:0:0:0:1",
        "message" => "day la text"   <===== see the extra inbuilt `\"` gone.
}