愚者求师之过,智者从师之长。

如何固定message 的样式?

Logstash | 作者 ChrisChan | 发布于2019年02月21日 | 阅读数:2229
分享到:QQ空间新浪微博微信QQ好友印象笔记有道云笔记
各位大虾好!
 
我的kibana输出message信息的顺序是随机的,比如下面三个message:
111.png 
message:

{"@timestamp":"2019-02-21T06:46:41.426Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"lcshop-log"},"source":"/usr/local/nginx/logs/access.log","offset":127418126,"prospector":{"type":"log"},"fields":{"alilogtype":"nginx_log","serverip":"172.31.0.85","log_topics":"lcshop-log"},"message":"100.97.73.148 - - [21/Feb/2019:14:46:41 +0800] \"GET /public/app/b2c/statics/css_mini/basic.min.css HTTP/1.1\" 200 27001 \"https://www.lechange.com/news- ... .html\" \"Mozilla/5.0 (Linux; Android 8.0.0; SM-G9550 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044504 Mobile Safari/537.36\"","tags":["logmessages"],"input":{"type":"log"},"beat":{"name":"lcshop-EC4","hostname":"lcshop-EC4","version":"6.5.4"},"host":{"name":"lcshop-EC4"}}

message:

{"@timestamp":"2019-02-21T06:46:41.426Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"lcshop-log"},"input":{"type":"log"},"prospector":{"type":"log"},"message":"100.97.73.147 - - [21/Feb/2019:14:46:41 +0800] \"GET /themes/pc-online/images/toast.js HTTP/1.1\" 200 503 \"https://www.lechange.com/news- ... .html\" \"Mozilla/5.0 (Linux; Android 8.0.0; SM-G9550 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044504 Mobile Safari/537.36\"","tags":["logmessages"],"fields":{"serverip":"172.31.0.85","log_topics":"lcshop-log","alilogtype":"nginx_log"},"beat":{"name":"lcshop-EC4","hostname":"lcshop-EC4","version":"6.5.4"},"host":{"name":"lcshop-EC4"},"source":"/usr/local/nginx/logs/access.log","offset":127419256}

message:

{"@timestamp":"2019-02-21T06:46:41.426Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"lcshop-log"},"tags":["logmessages"],"input":{"type":"log"},"beat":{"hostname":"lcshop-EC4","version":"6.5.4","name":"lcshop-EC4"},"host":{"name":"lcshop-EC4"},"source":"/usr/local/nginx/logs/access.log","offset":127414917,"message":"100.117.56.234 - - [21/Feb/2019:14:46:40 +0800] \"HEAD / HTTP/1.0\" 200 0 \"-\" \"-\"","prospector":{"type":"log"},"fields":{"alilogtype":"nginx_log","serverip":"172.31.0.85","log_topics":"lcshop-log"}}
前面@timestamp @metadata 的顺序是固定的,剩下的fields顺序就是完全随机,搞得我用
    mutate {

        split => ["message",","]

        }

    mutate {

        add_field => {"hostname" => "%{[message][9]}"}

       }

切下来的hostname时而准确时而不准确,请问有什么方法能让message的fields输出格式是固定的么?
先感谢各位解惑了。
2019-02-21 添加评论

没有找到相关结果

    已邀请:

    zyy

    赞同来自:

    logstash的配置可以发下吗?看你的数据应该不用这么麻烦的。
    2019-02-21 0 3
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    Copyright © 2024 · CC BY-NC-SA 3.0

    本站服务器及带宽由 提供赞助