
Elasticsearch: extracting log file fragments to push to the log store


If I have a log file like the one below, how can I use logstash to extract the information I need and push it into ES?

test_web_events.py: START: Mon Apr 27 13:35:25 2015
# TESTCASE TestWebPost ==================================================
# START TEST METHOD #################################: test_10_post_valid_json
[2015-04-27T13:35:25.657887] HTTP DELETE http://pppdc3mu.net:8080/rastplatz/v1/sink/db?k0=bradford4
{}
HTTP response: 200
0
POSTING event_id b29b6c7c-48cd-4cd9-b3c4-aa0a7edc1f35 to ctg-business
Content-Type: text/plain
POSTING event_id 13678af1-3e3a-4a6e-a61c-404eb94b9768 to ctg-business
Content-Type: text/plain
POSTING event_id 47b70306-2e7c-4cb2-9e75-5755d8d101d4 to ctg-business
Content-Type: text/plain
POSTING event_id 6599cdb2-0630-470d-879d-1130cf70c605 to ctg-business
Content-Type: text/plain
POSTING event_id d088ce29-fa0d-4f45-b628-045dba1fd045 to ctg-business
Content-Type: text/plain
POSTING event_id 07d14813-b561-442c-9b86-dc40d1fcc721 to ctg-business
Content-Type: text/plain
POSTING event_id b6aea24a-5424-4a0f-aac6-8cbaecc410db to ctg-business
Content-Type: text/plain
POSTING event_id 016386bd-eac5-4f1c-8afc-a66326d37ddb to ctg-business
Content-Type: text/plain
POSTING event_id 6610485d-71af-4dfa-9268-54be5408a793 to ctg-business
Content-Type: text/plain
POSTING event_id 92786434-02f7-4248-a77b-bdd9d33b57be to ctg-business
Content-Type: text/plain
Posted 10 events
# END TEST METHOD ###################################: test_10_post_valid_json
test_web_events.py: FINISH: Mon Apr 27 13:35:36 2015

Use the multiline filter to join everything into one event, and ship it to Elasticsearch.


You can search for {}, or filter on it at search time.

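I have a log file: I only want to extract certain information, such as the date, the time and the number of events posted. I tried putting it into Elasticsearch, and the result is that the log hangs. If you have paid support, please use it. Otherwise, jump into the #logstash IRC channel for more real-time help.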
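
One way to apply the multiline approach from the answer to the sample log above, as an added example that is not part of the original thread. It uses the multiline codec on the file input rather than the multiline filter the answer names. The file path, Elasticsearch host, index name and the field names `run_start` and `events_posted` are assumptions.

```logstash
input {
  file {
    path => "/var/log/tests/test_web_events.log"   # assumed path
    start_position => "beginning"
    codec => multiline {
      # A new event begins at each "test_web_events.py: START:" line;
      # every other line is appended to the event before it.
      pattern => "^test_web_events\.py: START:"
      negate => true
      what => "previous"
      # Flush the last buffered run after 5 s of silence, so it is
      # not held back waiting for a START line that never comes.
      auto_flush_interval => 5
    }
  }
}

filter {
  # Date and time of the run, taken from the START line.
  grok {
    match => { "message" => "START: (?<run_start>%{DAY} %{MONTH} +%{MONTHDAY} %{TIME} %{YEAR})" }
    tag_on_failure => ["no_run_start"]
  }
  # Number of events posted, stored as an integer.
  grok {
    match => { "message" => "Posted %{INT:events_posted:int} events" }
    tag_on_failure => ["no_events_posted"]
  }
  # Use the run start time as the event timestamp.
  # The log carries no zone, so the host's zone is applied.
  date {
    match => ["run_start", "EEE MMM dd HH:mm:ss yyyy", "EEE MMM d HH:mm:ss yyyy"]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]     # assumed host
    index => "test-web-events"      # assumed index name
  }
}
```

For the sample run above this yields one document with `events_posted` set to 10 and `@timestamp` taken from `Mon Apr 27 13:35:25 2015`; the full run text stays in `message`.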