Logstash>跳过错误匹配
这是apache access\u日志的日志存储配置:Logstash>跳过错误匹配,logstash,logstash-grok,Logstash,Logstash Grok,这是apache access\u日志的日志存储配置: input { file { path => "/var/log/http.log" } } filter { grok { match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } } } 我想收集除%{WORD:me
input {
file {
path => "/var/log/http.log"
}
}
filter {
grok {
match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
}
}
如何让字段从Being转移到ElasticSearch时被跳过/忽略?您可以通过删除word之后出现的word method来完成此操作。因此,您的grok过滤器看起来像: match => { "message" => "%{IP:client} %{WORD} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } }
冒号后面出现的单词是变量名,其中存储并传递IP、WORD、NUMBER等类型。您应该在grok筛选器上使用Mutate块