logstash如何解析带有windows文件路径的日志
匿名 | 发布于2017年12月28日 | 阅读数:6189
在日志文件中包含有json格式数据,json数据中如果包含windows文件路径这种反斜杠,logstash使用json过滤或者json编码都无法通过,报错误code 85,error信息如下:
exception=>#<LogStash::Jso n::ParserError: Unrecognized character escape 'A' (code 85)
原始数据如下:
Dec 2 11:39:45 100.8.82.104 sdfFORCE {"BLOCKED":"无","INCIDENT_ID":"2156662","RECIPIENTS":"N/A","SENDER":"N/A","RULES":"中国身份证号(窄), 中国身份证号, 手机号码和身份证号","SEVERITY":"1:高","INCIDENT_SNAPSHOT":"https://FORCE/ProtectManager/E ... value(variable_1)=incident.id&value(operator_1)=incident.id_in&value(operand_1)=2156662","MATCH_COUNT":"156","POLICY":"客户数据保护","SUBJECT":"N/A","FILE_NAME":"报税信息2016.09.xlsx","PARENT_PATH":"\\10.10.43.55\服务有限公司\08 资金财务部\Accounting File\Tax file\软件安装","PATH":"\\10.10.43.55\服务有限公司\08 资金财务部\Accounting File\Tax file\软件安装\报税信息2016.09.xlsx","QUARANTINE_PARENT_PATH":"N/A","SCAN":"N/A","TARGET":"N/A"}
前面信息grok没有问题,主要json解析错误,大神帮忙指导一下
exception=>#<LogStash::Jso n::ParserError: Unrecognized character escape 'A' (code 85)
原始数据如下:
Dec 2 11:39:45 100.8.82.104 sdfFORCE {"BLOCKED":"无","INCIDENT_ID":"2156662","RECIPIENTS":"N/A","SENDER":"N/A","RULES":"中国身份证号(窄), 中国身份证号, 手机号码和身份证号","SEVERITY":"1:高","INCIDENT_SNAPSHOT":"https://FORCE/ProtectManager/E ... value(variable_1)=incident.id&value(operator_1)=incident.id_in&value(operand_1)=2156662","MATCH_COUNT":"156","POLICY":"客户数据保护","SUBJECT":"N/A","FILE_NAME":"报税信息2016.09.xlsx","PARENT_PATH":"\\10.10.43.55\服务有限公司\08 资金财务部\Accounting File\Tax file\软件安装","PATH":"\\10.10.43.55\服务有限公司\08 资金财务部\Accounting File\Tax file\软件安装\报税信息2016.09.xlsx","QUARANTINE_PARENT_PATH":"N/A","SCAN":"N/A","TARGET":"N/A"}
前面信息grok没有问题,主要json解析错误,大神帮忙指导一下
2 个回复
匿名用户
赞同来自: lianjie
gsub => ["my_field", "[\\]", "/"]
供大家参考;
strglee
赞同来自: