Could the experts on this forum please take a look? Thanks.
I want to set the Time Field to runtime.
Below is my shiper.conf:
input {
  file {
    path => "/data/curldata/curllog"
    type => "curllog"
  }
}
filter {
  if [type] == "curllog" {
    grok {
      type => "curllog"
      match => [
        "message","%{HTTPDATE:runtime},(?:%{NUMBER:speed_download:float})"
      ]
      add_tag => ["herbert"]
    }
  } else {
    drop {}
  }
  date {
    target => "curllog"
    match => [ "runtime" , "dd/MMM/YYYY:HH:mm:ss Z" ]
  }
}
output {
  stdout {
    debug => true
    debug_format => json
  }
  redis {
    host => "192.168.1.100"
    port => 6379
    data_type => "list"
    key => "logstash"
  }
}
When I insert data:
echo "01/Dec/2014:17:51:43 0800,1044379.000" >>/data/curldata/curllog
{"message":"01/Dec/2014:17:51:43 0800,1044379.000","@version":"1","@timestamp":"2014-12-02T02:10:49.740Z","type":"curllog","host":"puppet4.oss.letv.com","path":"/data/curldata/curllog","runtime":"01/Dec/2014:17:51:43 0800","speed_download":1044379.0,"tags":["herbert"]}
In the web UI, using runtime as the x-axis gives this error: × Oops! ClassCastException
Mapping information:
"runtime":{"type":"string","norms":{"enabled":false},"fields":{"raw":{"type":"string","index":"not_analyzed","ignore_above":256}}},
The document I referred to:
getting-the-best-out-of-logstash-for-nginx
1 reply
Rubricate - hi
Upvoted by: 婚格线
date {
  target => "runtime"
  match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
}
That will do it, hahaha.
You could read more of the basic Logstash documentation, besides 三斗室's:
http://logstash.net/docs/1.4.2/filters/date
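
An added example, not part of either post above: the question's date block next to a variant that parses the runtime field and writes the result back into it. It assumes the source field is runtime, as captured by the question's grok pattern, and that events land in a newly created index, because the string mapping already recorded for runtime cannot be changed in place.

```logstash
filter {
  # As posted in the question: the parsed date is stored in a new field
  # named "curllog", so "runtime" stays the raw string captured by grok
  # and Elasticsearch maps it as a string.
  # date {
  #   target => "curllog"
  #   match => [ "runtime" , "dd/MMM/YYYY:HH:mm:ss Z" ]
  # }

  # Variant (assumption: the source field is "runtime"): parse "runtime"
  # and overwrite it with the parsed timestamp, leaving @timestamp as the
  # time the event was read.
  date {
    match  => [ "runtime", "dd/MMM/YYYY:HH:mm:ss Z" ]
    target => "runtime"
  }
}
```

After the change, check the mapping of the new index: runtime should appear with type date rather than string before it is selected as the Time Field.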