The nginx log is as follows:
127.0.0.1 - [10/Sep/2020:07:09:53 +0000] "POST /i HTTP/1.1" - "deviceId=NC2S1wkFkQm0xq1RmFLG9g&appKey=sfci50a7sxz6i&timestamp=1599709583&deviceInfo=%7B%22device%22%3A%22OXF-AN00%22%2C%22osName%22%3A%22Android%22%2C%22osVersion%22%3A%2210%22%2C%22carrier%22%3A%22%E4%B8%AD%E5%9B%BD%E8%81%94%E9%80%9A%22%2C%22resolution%22%3A%221080x2277%22%2C%22density%22%3A%22XXHDPI%22%2C%22locale%22%3A%22zh_CN%22%2C%22appVersion%22%3A%221.0.0%22%2C%22bundleId%22%3A%22com.qiyee.recruit%22%2C%22sdkVersion%22%3A%224.0.0%22%2C%22network%22%3A%22WIFI%22%2C%22timeZone%22%3A%22GMT%2B08%3A00%22%7D&device_id=dc8aeec4c2cb4135&checksum256=3be5d3e27f289cc0136db1c78dc6d2678a6d2805d2a4e2170250529b356b653a" "400" 70 "" "Dalvik/2.1.0 (Linux; U; Android 10; OXF-AN00 Build/HUAWEIOXF-AN00)" "" "172.20.0.4:3001" "400" "0.001" "0.001" 337 856
The raw content received by logstash is as follows:
{
"@timestamp" => 2020-09-11T02:19:06.036Z,
"message" => "192.168.100.2 - [10/Sep/2020:07:09:53 +0000] \"POST /i HTTP/1.1\" - \"deviceId=NC2S1wkFkQm0xq1RmFLG9g&appKey=sfci50a7sxz6i&timestamp=1599709583&deviceInfo=%7B%22device%22%3A%22OXF-AN00%22%2C%22osName%22%3A%22Android%22%2C%22osVersion%22%3A%2210%22%2C%22carrier%22%3A%22%E4%B8%AD%E5%9B%BD%E8%81%94%E9%80%9A%22%2C%22resolution%22%3A%221080x2277%22%2C%22density%22%3A%22XXHDPI%22%2C%22locale%22%3A%22zh_CN%22%2C%22appVersion%22%3A%221.0.0%22%2C%22bundleId%22%3A%22com.qiyee.recruit%22%2C%22sdkVersion%22%3A%224.0.0%22%2C%22network%22%3A%22WIFI%22%2C%22timeZone%22%3A%22GMT%2B08%3A00%22%7D&device_id=dc8aeec4c2cb4135&checksum256=3be5d3e27f289cc0136db1c78dc6d2678a6d2805d2a4e2170250529b356b653a\" \"400\" 70 \"\" \"Dalvik/2.1.0 (Linux; U; Android 10; OXF-AN00 Build/HUAWEIOXF-AN00)\" \"\" \"172.20.0.4:3001\" \"400\" \"0.001\" \"0.001\" 337 856",
"tags" => [
[0] "beats_input_codec_plain_applied"
]
}
I would like to extract this segment:
"deviceId=NC2S1wkFkQm0xq1RmFLG9g&appKey=sfci50a7sxz6i&timestamp=1599709583&deviceInfo=%7B%22device%22%3A%22OXF-AN00%22%2C%22osName%22%3A%22Android%22%2C%22osVersion%22%3A%2210%22%2C%22carrier%22%3A%22%E4%B8%AD%E5%9B%BD%E8%81%94%E9%80%9A%22%2C%22resolution%22%3A%221080x2277%22%2C%22density%22%3A%22XXHDPI%22%2C%22locale%22%3A%22zh_CN%22%2C%22appVersion%22%3A%221.0.0%22%2C%22bundleId%22%3A%22com.qiyee.recruit%22%2C%22sdkVersion%22%3A%224.0.0%22%2C%22network%22%3A%22WIFI%22%2C%22timeZone%22%3A%22GMT%2B08%3A00%22%7D&device_id=dc8aeec4c2cb4135&checksum256=3be5d3e27f289cc0136db1c78dc6d2678a6d2805d2a4e2170250529b356b653a"
and split it on = into kv pairs. Right now I don't know how to extract it; could an expert please help solve this~~~
1 reply
laoyang360 - Author of 《一本书讲透Elasticsearch》, Elastic Certified Engineer; [死磕Elasticsearch] Knowledge Planet address: http://t.cn/RmwM3N9; WeChat official account: 铭毅天下; blog: https://elastic.blog.csdn.net
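One way to do what the question asks, as an added example that is not part of the thread and not taken from the Logstash project: a filter chain that cuts the request body out of the line, splits it into key/value pairs, and decodes the percent-encoded JSON in `deviceInfo`. It assumes the nginx `log_format` always has the layout of the sample line; the field names `client_ip`, `ts`, `request`, `request_body`, `status` and `body` are hypothetical.

```logstash
filter {
  # Cut the line on its literal delimiters. The layout is assumed from the
  # sample line in the question; %{?name} fields are matched but not stored.
  dissect {
    mapping => {
      "message" => '%{client_ip} %{?ident} [%{ts}] "%{request}" %{?unknown} "%{request_body}" "%{status}" %{?rest}'
    }
  }

  # Use the time nginx logged as @timestamp instead of the ingest time.
  date {
    match => ["ts", "dd/MMM/yyyy:HH:mm:ss Z"]
  }

  # Split the form-encoded body: "&" separates pairs, "=" separates key
  # from value. Results are stored under [body] (hypothetical name).
  kv {
    source      => "request_body"
    target      => "body"
    field_split => "&"
    value_split => "="
  }

  # deviceInfo is percent-encoded JSON: decode it, then parse it in place.
  urldecode {
    field => "[body][deviceInfo]"
  }
  json {
    source               => "[body][deviceInfo]"
    target               => "[body][deviceInfo]"
    skip_on_invalid_json => true
  }

  # Drop the raw copies once the parsed fields exist.
  mutate {
    remove_field => ["request_body", "ts"]
  }
}
```

nginx's default log escaping writes a double quote inside `$request_body` as `\x22`, so a quote in the body does not break the `"` delimiters used by the dissect mapping. The body also carries `appKey`, device identifiers and a checksum into the index, so remove any of those keys that are not needed for analysis.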