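Parsing Nested JSON with Logstash

Author: 寇寇寇先森 | Published 2019-01-23 19:51

Our event-tracking logs contain nested JSON, so before all the fields can be used for statistics and analysis the nested JSON has to be expanded into individual fields.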

  1. The log format is as follows:
2019-01-22 19:25:58 172.17.12.177  /statistics/EventAgent appkey=yiche&enc=0&ltype=view&yc_log=%7B%22uuid%22%3A%2273B333EB-EC87-4F9F-867B-A9BF38CBEBB2%22%2C%22mac%22%3A%2202%3A00%3A00%3A00%3A00%3A00%22%2C%22uid%22%3A-1%2C%22idfa%22%3A%222BFD67CF-ED60-4CF6-BA6E-FC0B18FDDDF8%22%2C%22osv%22%3A%22iOS11.4.1%22%2C%22fac%22%3A%22apple%22%2C%22mdl%22%3A%22iPhone%20SE%22%2C%22req_id%22%3A%22360C8C43-73AC-4429-9E43-2C08F4C1C425%22%2C%22itime%22%3A1548156351820%2C%22os%22%3A%222%22%2C%22sn_id%22%3A%226B937D83-BFB2-4C22-85A8-5B3E82D9D0F1%22%2C%22dvid%22%3A%223676b52dc155e1eec3ca514f38736fd6%22%2C%22aptkn%22%3A%224fb9b2bffb808515aa0e9a5f5b17d826769e432f63d5cf87f7fb5ce4d67ef9f1%22%2C%22cha%22%3A%22App%20Store%22%2C%22idfv%22%3A%22B1EAD56F-E456-4FF2-A3C2-9A8FA0693C22%22%2C%22nt%22%3A4%2C%22lg_vl%22%3A%7B%22pfrom%22%3A%22shouye%22%2C%22ptitle%22%3A%22shouye%22%7D%2C%22av%22%3A%2210.3.3%22%7D   218.15.255.124  200
  2. The initial Logstash configuration file was:
input {
  file {
    path => ["/data/test_logstash.log"]
    type => ["nginx_log"]
    start_position => "beginning"
  }
}
filter {
  if [type] =~ "nginx_log" {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:create_time} %{IP:server_ip}  %{URIPATH:uri} %{GREEDYDATA:args}   %{IP:client_ip}  %{NUMBER:status}" }
    }
    urldecode {
      field => "args"
    }
    kv {
      source => "args"
      field_split => "&"
      remove_field => [ "args", "@timestamp", "message", "path", "@version", "host" ]
    }
    json {
      source => "yc_log"
      remove_field => [ "yc_log" ]
    }
  }
}
output {
  stdout { codec => rubydebug }
}

Running Logstash with the configuration above produces the following result:

{
      "server_ip" => "172.17.12.177",
            "cha" => "App Store",
            "mdl" => "iPhone SE",
           "type" => "nginx_log",
            "mac" => "02:00:00:00:00:00",
         "ptitle" => "shouye",
         "appkey" => "yiche",
           "idfv" => "B1EAD56F-E456-4FF2-A3C2-9A8FA0693C22",
          "sn_id" => "6B937D83-BFB2-4C22-85A8-5B3E82D9D0F1",
          "aptkn" => "4fb9b2bffb808515aa0e9a5f5b17d826769e432f63d5cf87f7fb5ce4d67ef9f1",
             "av" => "10.3.3",
             "os" => "2",
           "idfa" => "2BFD67CF-ED60-4CF6-BA6E-FC0B18FDDDF8",
            "uid" => -1,
           "uuid" => "73B333EB-EC87-4F9F-867B-A9BF38CBEBB2",
         "req_id" => "360C8C43-73AC-4429-9E43-2C08F4C1C425",
         "status" => "200",
            "uri" => "/statistics/EventAgent",
            "enc" => "0",
          "ltype" => "view",
          "lg_vl" => {
        "ptitle" => "shouye",
         "pfrom" => "shouye"
    },
             "nt" => 4,
          "pfrom" => "shouye",
          "itime" => 1548156351820,
      "client_ip" => "218.15.255.124",
    "create_time" => "2019-01-22 19:25:58",
           "dvid" => "3676b52dc155e1eec3ca514f38736fd6",
            "fac" => "apple",
       "lg_value" => "{\"pfrom\":\"shouye\",\"ptitle\":\"shouye\"}",
            "osv" => "iOS11.4.1"
}

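As you can see, the lg_vl field is still a nested JSON object and has not been expanded. If you simply add the following to the configuration file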

json { source => "lg_vl" }

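Logstash reports a jsonParseException error: after the first json filter, lg_vl is already a parsed object rather than a JSON string, and the json filter expects its source to be a string.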

  3. The correct approach
input {
  file {
    path => ["/data/test_logstash.log"]
    type => ["nginx_log"]
    start_position => "beginning"
  }
}
filter {
  if [type] =~ "nginx_log" {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:create_time} %{IP:server_ip}  %{URIPATH:uri} %{GREEDYDATA:args}   %{IP:client_ip}  %{NUMBER:status}" }
    }
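    # URL-decode the whole query string before splitting it
    urldecode {
      field => "args"
    }
    # Split "k=v&k=v" pairs into fields, then drop the fields we no longer need
    kv {
      source => "args"
      field_split => "&"
      remove_field => [ "args", "@timestamp", "message", "path", "@version", "host" ]
    }
    # Parse the outer JSON document into top-level fields
    json {
      source => "yc_log"
      remove_field => [ "yc_log" ]
    }
    # lg_vl is now a parsed object; %{lg_vl} renders it as a JSON string
    mutate {
      add_field => { "lg_value" => "%{lg_vl}" }
    }
    # Parse that string into top-level fields and drop both helper fields
    json {
      source => "lg_value"
      remove_field => [ "lg_vl", "lg_value" ]
    }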
  }
}

output {
  stdout { codec => rubydebug }
}

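After the outer JSON has been parsed, add a field named lg_value and assign the content of lg_vl to it (%{lg_vl} renders the object as a JSON string); then run the json filter on lg_value by itself. The result after parsing is: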

{
           "type" => "nginx_log",
             "nt" => 4,
           "dvid" => "3676b52dc155e1eec3ca514f38736fd6",
             "os" => "2",
            "fac" => "apple",
          "ltype" => "view",
      "client_ip" => "218.15.255.124",
          "itime" => 1548156351820,
            "mac" => "02:00:00:00:00:00",
           "idfa" => "2BFD67CF-ED60-4CF6-BA6E-FC0B18FDDDF8",
            "uri" => "/statistics/EventAgent",
          "aptkn" => "4fb9b2bffb808515aa0e9a5f5b17d826769e432f63d5cf87f7fb5ce4d67ef9f1",
          "sn_id" => "6B937D83-BFB2-4C22-85A8-5B3E82D9D0F1",
    "create_time" => "2019-01-22 19:25:58",
            "osv" => "iOS11.4.1",
         "req_id" => "360C8C43-73AC-4429-9E43-2C08F4C1C425",
         "ptitle" => "shouye",
             "av" => "10.3.3",
      "server_ip" => "172.17.12.177",
          "pfrom" => "shouye",
            "enc" => "0",
            "mdl" => "iPhone SE",
            "cha" => "App Store",
           "idfv" => "B1EAD56F-E456-4FF2-A3C2-9A8FA0693C22",
            "uid" => -1,
           "uuid" => "73B333EB-EC87-4F9F-867B-A9BF38CBEBB2",
         "appkey" => "yiche",
         "status" => "200"
}

Perfect, works great!!!
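
The same pipeline as a stand-alone Ruby script, added here as an illustration and not taken from the original post. It goes beyond the configuration above: it promotes every nested object (not only lg_vl), decodes each value after splitting on & so that an encoded & or = inside a value cannot create extra fields, and stores a key that collides with an existing field under a prefixed name instead of overwriting it. SAMPLE, LINE_RE, merge_flat, parse_line and the "yc_log." / "args." prefixes are names invented for this example.

```ruby
require "json"
require "uri"

# Constructed sample in the page's log layout: yc_log is shortened, carries a
# "status" key that collides with the line's own status, and an encoded "&" / "=".
SAMPLE = "2019-01-22 19:25:58 172.17.12.177  /statistics/EventAgent " \
  "appkey=yiche&enc=0&ltype=view&yc_log=%7B%22uid%22%3A-1%2C%22status%22%3A%22999%22" \
  "%2C%22lg_vl%22%3A%7B%22pfrom%22%3A%22shouye%22%2C%22ptitle%22%3A%22a%26b%3Dc%22%7D%7D" \
  "   218.15.255.124  200"

# Same field layout as the grok pattern (single, double and triple spaces matter).
LINE_RE = /\A(?<create_time>\S+ \S+) (?<server_ip>\S+)  (?<uri>\S+) (?<args>.*?)   (?<client_ip>\S+)  (?<status>\d+)\z/

# Promote every leaf of src to the top level of event. A key that already
# exists is never overwritten; the new value is stored under a prefixed name.
def merge_flat(event, src, prefix)
  src.each do |key, value|
    if value.is_a?(Hash)
      merge_flat(event, value, "#{prefix}#{key}.")
    elsif event.key?(key)
      event["#{prefix}#{key}"] = value
    else
      event[key] = value
    end
  end
  event
end

def parse_line(line)
  m = LINE_RE.match(line.strip)
  return nil unless m
  event = m.named_captures
  event.delete("args").split("&").each do |pair|
    key, raw = pair.split("=", 2)
    next if key.nil? || key.empty?
    begin
      value = URI.decode_www_form_component(raw.to_s) # decode after splitting
      if key == "yc_log"
        parsed = JSON.parse(value)
        raise JSON::ParserError, "not an object" unless parsed.is_a?(Hash)
        merge_flat(event, parsed, "yc_log.")
      else
        merge_flat(event, { key => value }, "args.")
      end
    rescue JSON::ParserError, ArgumentError
      (event["tags"] ||= []) << "_jsonparsefailure" # tag name mirrors the json filter's default
    end
  end
  event
end
```

On the sample line the status taken from the line itself stays "200", while the value from inside yc_log is kept as "yc_log.status".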
