Logstash: filtering text into JSON format


This is our log storage standard:

    {
      "_index": "logstash",
      "_type": "_doc",
      "_id": "UPUcBnEBHL50VNrwHY-Q",
      "_version": 1,
      "_score": null,
      "_source": {
        "host": {"name": "xxxxxx"},
        "@timestamp": "2020-03-23T06:37:16.915Z",
        "data": {
          "node": "node1",
          "level": "INFO",
          "timestamp": "2020-03-23T07:37:11,050",
          "thread": "EthScheduler-Workers-3",
          "throwable": "",
          "class": "BlockPropagationManager",
          "message": "Imported #979 / 0 tx / 0 om / 0 (0.0%) gas /(0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371) in 0.000s."
        }
      }
    }

We want the "message" text field in the "data" object in ELS:

Can you help us with this? Thanks in advance!
BR

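You need to write a custom grok pattern for this, matching the various substrings in the message field, for example to extract the Imported field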

    "message": "Imported #979 / 0 tx / 0 om / 0 (0.0%) gas / (0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371) in 0.000s."

in the JSON structure below:

    {Imported: 979,Tx: 0,Gas: 0 Hash:0xcbd404f6cec12eaecb9bed309b953fe5671ee868843807321772369b47756371,duration: 0,000s}

    grok {
      match => { "message" => "Imported #%{NUMBER:Imported}" }
    }
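
An added example, not part of the original answer: a fuller grok filter for the sample line above that extracts the fields named in the question. It assumes the text is in the nested field `[data][message]`, as in the stored document (the answer's snippet matches a top-level `message`), and the failure tag name is made up for illustration.

```logstash
filter {
  # Only try the pattern on block-import lines, so unrelated messages
  # are not tagged as parse failures.
  if [data][message] =~ /^Imported / {
    grok {
      # Assumption: the text is in the nested field [data][message].
      # The pattern is anchored (^...$) and uses narrow patterns (INT,
      # NUMBER, BASE16NUM) instead of GREEDYDATA, so a malformed or
      # oversized line fails quickly instead of backtracking.
      # " ?" accepts both "gas / (" and "gas /(" as seen on this page.
      match => {
        "[data][message]" => "^Imported #%{INT:Imported:int} / %{INT:Tx:int} tx / %{INT} om / %{INT:Gas:int} \(%{NUMBER}%\) gas / ?\(%{BASE16NUM:Hash}\) in %{NUMBER:duration:float}s\.$"
      }
      # Hypothetical tag name, used to find import lines that did not parse.
      tag_on_failure => ["_grok_import_failure"]
    }
  }
}
```

For the sample message this yields `Imported` = 979, `Tx` = 0, `Gas` = 0, `Hash` = the `0x…` string, and `duration` = 0.0; the `om` count and the gas percentage are matched but not stored.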