- elasticsearch/
elasticsearch 使用logstash和弹性搜索进行自定义解析
elasticsearch 使用logstash和弹性搜索进行自定义解析
我是个新手
到目前为止,我已完成配置,一切正常。
我的日志文件如下所示:
2014-04-27 16:24:43 DEBUG b45e66 T+561 10.31.166.155 /v1/XXX<!session> XXX requested for category_ids: only_pro: XXX_ids:14525
{
_index: "logstash-2014.04.28",
_type: "logs",
_id: "WIoUbIvCQOqnz4tMZzMohg",
_score: 1,
_source: {
message: "2014-04-27 16:24:43 DEBUG b45e66 T+561 10.31.166.155 This is my log !",
@version: "1",
@timestamp: "2014-04-28T14:25:52.165Z",
host: "MYCOMPUTER",
path: "\logs\xxx_app.log"
}
}
e、 g:我希望我能将其解析为:
{
_index: "logstash-2014.04.28",
_type: "logs",
_id: "WIoUbIvCQOqnz4tMZzMohg",
_score: 1,
_source: {
logLevel: "DEBUG",
messageId: "b45e66",
sendFrom: "10.31.166.155",
logTimestamp: "2014-04-27 16:24:43",
message: "This is my log !",
@version: "1",
@timestamp: "2014-04-28T14:25:52.165Z",
host: "MYCOMPUTER",
path: "\logs\xxx_app.log"
}
}
您需要通过过滤器对其进行解析,例如。这可能有点棘手,所以要耐心尝试,尝试,尝试。还有,看看预定义的 您的邮件的开头是
%{DATESTAMP}%{WORD:logLevel}%{WORD:messageId}%{GREEDYDATA:someString}%{IP}input {
stdin {}
}
filter {
grok {
match => { "message" => "%{DATESTAMP} %{WORD:logLevel} %{WORD:messageId} %{GREEDYDATA:someString} %{IP}" }
}
}
output {
elasticsearch { host => localhost }
}
input {
stdin {}
}
filter {
grok {
match => { "message" => "%{DATESTAMP} %{WORD:logLevel} %{WORD:messageId} %{GREEDYDATA:someString} %{IP}" }
}
}
output {
elasticsearch { host => localhost }
}