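My Logstash receives messages that Filebeat pushes to Kafka, which are then pushed on to Logstash. The annoying part is that each message that comes out is one long string, containing the timestamp, the message type, and so on.
It looks like this: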
{"@timestamp":"2018-06-12T10:03:47.996Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.1.1","topic":"manage"},"offset":310427423,"message":"2018-06-12 18:03:45 -44138047 [nioEventLoopGroup-2-1] INFO - \ufffd\ufffd\ufffd\ufffdGate:timestamp: 1528797825740","source":"/home/tomcat8080/logs/catalina.out","fields":{"log_topic":"manage"},"beat":{"hostname":"172-19-184-125","version":"6.1.1","name":"172-19-184-125"}}
I only want to collect the message part. How do I match that in Logstash?
I'm a newbie girl and really don't understand this. Thanks to all of you.
3 replies
Esun
Upvoted by: chachabusi, aslan
In the filter, first parse message once with json (this message is actually the outermost message, not the message the original poster really wants):
json {
  source => "message"
}
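The json-filter approach from the answer above, written out as a complete pipeline. This is an added example, not code from any poster in this thread; the broker address and the output file path are assumptions, while the topic and field names are taken from the sample event in the question.

```logstash
input {
  kafka {
    bootstrap_servers => "kafka.example.internal:9092"  # assumed broker address
    topics            => ["manage"]                     # topic name from the sample event
  }
}

filter {
  # With the kafka input's default plain codec, the whole Filebeat JSON
  # envelope arrives as a string in the event's "message" field.
  json {
    source => "message"
    # Parsed keys are written at the event root, so the envelope's inner
    # "message" (the original log line) replaces the envelope string.
    # remove_field is applied only when parsing succeeds, so a record that
    # is not valid JSON keeps its raw content and gets the default
    # "_jsonparsefailure" tag instead.
    remove_field => ["offset", "source", "fields", "beat"]
  }
}

output {
  if "_jsonparsefailure" in [tags] {
    # Route unparseable records aside for review instead of indexing them.
    file { path => "/var/log/logstash/unparsed-%{+YYYY-MM-dd}.log" }  # assumed path
  } else {
    # On success the event carries the log line in "message" plus @timestamp.
    stdout { codec => rubydebug }
  }
}
```

The `\ufffd` sequences in the sample are Unicode replacement characters already present in the envelope, so no Logstash filter can restore the original text; that is addressed with the `encoding` setting of the Filebeat input that reads the log file.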
Mr. Zhang
Upvoted by: chachabusi
grok {
  match => {
    "message" => "%{GREEDYDATA:message}"
  }
}
laoyang360 - Author of 《一本书讲透Elasticsearch》, Elastic Certified Engineer; [死磕Elasticsearch] Knowledge Planet address: http://t.cn/RmwM3N9; WeChat official account: 铭毅天下; blog: https://elastic.blog.csdn.net
Upvoted by: