Log format:
2015-08-11 14:30:18,835 [pool-1-thread-17] DEBUG slowLog - Query costs: 256.143998 ms | post body: {"cat":"user","catalogidtreefilter":["1000081"],"guaranteefilter":0,"goldstatusFilter":[0],"sort":["complex"],"size":5,"fltype":"field","flcontext":"userId,goldstatus","from":"taskview"}
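I tried filtering it with the built-in json filter, but that did not work. Matching it with regular expressions seems very cumbersome. Does anyone have a better solution? Another problem is that grok does not seem to support putting the unmatched part into a field.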
2 replies
三斗室 - ELK
Upvoted by: Rubricate
stab - freshman
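Upvoted by:
I would still suggest matching it with a regular expression and sorting the information into categories. After all, every radish has its own hole.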
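
An added example, not part of the original thread: one way to handle the log line in the question is to let grok match only the fixed prefix, capture everything after "post body: " into a single field with GREEDYDATA, and then pass that field to the json filter. The field names (log_time, thread, level, logger, query_cost_ms, post_body, post) and the failure tag names are assumptions chosen for this sketch.

```logstash
filter {
  # Match only the fixed prefix; GREEDYDATA puts the rest of the line
  # (the JSON payload) into one field instead of needing a regex per key.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:log_time} \[%{DATA:thread}\] %{LOGLEVEL:level} %{NOTSPACE:logger} - Query costs: %{NUMBER:query_cost_ms:float} ms \| post body: %{GREEDYDATA:post_body}$"
    }
    # Assumed tag name, so lines that do not fit the pattern are easy to find
    tag_on_failure => ["_slowlog_grokparsefailure"]
  }

  # Decode the payload only when grok actually produced the field
  if [post_body] {
    json {
      source => "post_body"
      # Nest the decoded keys under "post" so they cannot overwrite
      # top-level event fields such as "message" or "level"
      target => "post"
      tag_on_failure => ["_slowlog_jsonparsefailure"]
    }

    # Keep the raw text when decoding failed, drop it otherwise
    if "_slowlog_jsonparsefailure" not in [tags] {
      mutate { remove_field => ["post_body"] }
    }
  }

  # Use the timestamp from the log line as the event time
  date {
    match => ["log_time", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
}
```

Applied on its own to the raw line, the json filter fails because the message does not start with JSON; pointing `source` at the captured remainder avoids that.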