如何处理Logstash中的空字段
我面临Logstash KV滤波器的问题: 以下是示例事件:如何处理Logstash中的空字段,logstash,Logstash,我面临Logstash KV滤波器的问题: 以下是示例事件: 2016-08-15T12:43:04.478Z 103.240.35.216 <190>date=2016-08-15 time=18:13:16 timezone="IST" device_name="CR25iNG" device_id=C2222-123 log_id=010302602002 log_type="Firewall" log_component="Appliance Access" log_subt
2016-08-15T12:43:04.478Z 103.240.35.216 <190>date=2016-08-15 time=18:13:16 timezone="IST" device_name="CR25iNG" device_id=C2222-123 log_id=010302602002 log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="PortA" out_interface="" src_mac=44:d9:e7:ba:5b:6c src_ip=172.16.16.19 src_country_code= dst_ip=255.255.255.255 dst_country_code= protocol="UDP" src_port=45541 dst_port=10001 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid=""
"dst_country_code" => "protocol=UDP",
"tran_src_ip" => "tran_src_port=0",
"tran_dst_ip" => "tran_dst_port=0",
请帮忙。我得到了Logstash社区的回应,这很有效
mutate {
gsub => [ 'message', '= ', '="" ' ]
}
谢谢。我收到了Logstash社区的回复,效果不错
mutate {
gsub => [ 'message', '= ', '="" ' ]
}
谢谢。你能显示你制作的
mutate/gsubmutate/gsub