Logstash处理时区、类型转换、删除字段的案例配置

作者: wyaoo | 来源:发表于2017-07-20 10:05 被阅读1181次

#输入  
input {  
 file {  
        path => ["文件路径"]  
#自定义类型  
        type => "自定义"  
       start_position => "beginning"  
    }  
}  
  
#过滤器  
filter{  
#去除换行符  
mutate{  
gsub => [ "message", "\r", "" ]     
}  
  
#逗号分割  
mutate {    
  split => ["message",","]       
}  
  
#分割后，字段命名与赋值  
mutate{  
                add_field =>   {  
                                        "id" => "%{[message][0]}"  
                                        "mydate" => "%{[message][1]}"  
                                        "user" => "%{[message][2]}"  
                                        "pc" => "%{[message][3]}"  
                                        "to_user" => "%{[message][4]}"  
"cc" => "%{[message][5]}"  
"bcc" => "%{[message][6]}"  
"from_user" => "%{[message][7]}"  
                                        "size" => "%{[message][8]}"  
"attachments" => "%{[message][9]}"  
"content" => "%{[message][10]}"  
                     }   
               }  
  
#字段里的日期识别，以及时区转换，生成date  
      date {  
            match => [ "mydate", "MM/dd/yyyy HH:mm:ss" ]  
                       target => "date"  
  locale => "en"  
  timezone => "+00:00"    
      }  
  
#删除无用字段  
mutate {    
  remove_field => "message"      
  remove_field => "mydate"      
  remove_field => "@version"      
  remove_field => "host"      
  remove_field => "path"      
}  
#将两个字段转换为整型  
mutate{  
convert => { "size" => "integer" }  
convert => { "attachments" => "integer" }  
}  
}  
  
#输出，输出目标为es  
output {  
    #stdout { codec => rubydebug }  
elasticsearch {  
    #目标主机  
            host => ["目标主机1","目标主机2"]  
    #协议类型  
            protocol => "http"  
    #索引名  
            index =>"自定义"  
        }    
}

网友评论

本文标题：Logstash处理时区、类型转换、删除字段的案例配置

本文链接：https://www.haomeiwen.com/subject/derdkxtx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

Logstash处理时区、类型转换、删除字段的案例配置

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读