2 replies
stone_xy
Upvoted by: shuangshuang, Reilee
Example configuration:
input {
  file {
    path => "/opt/es/tmp/test/*"
    codec => multiline {
      # A line containing "请求URL" starts a new event
      pattern => ".*请求URL.*"
      # negate => true: act on the lines that do NOT match the pattern
      negate => true
      # Append those lines to the previous line's event
      what => "previous"
    }
  }
}
output {
  elasticsearch {
    hosts => ["http://10.0.0.200:9200"]
    index => "test-index"
  }
}
Sample data:
[2019-08-23T01:30:00,016][INFO ] 请求URL:www.example.com
[2019-08-23T01:30:00,016][INFO ] 请求IP:192.168.0.122
[2019-08-23T01:30:00,016][INFO ] 请求方法: GET
[2019-08-23T01:30:00,016][INFO ] 请求参数: {"test": "xxx"}
[2019-08-23T01:30:00,016][INFO ] 请求URL:www.example.com
[2019-08-23T01:30:00,016][INFO ] 请求IP:192.168.0.123
[2019-08-23T01:30:00,016][INFO ] 请求方法: POST
[2019-08-23T01:30:00,016][INFO ] 请求参数: {"test": "xxx"}
Result:
{
  "_index" : "test-index",
  "_type" : "doc",
  "_id" : "rzPOvWwBZFTn6WUnbRUg",
  "_score" : 1.0,
  "_source" : {
    "@version" : "1",
    "host" : "ecs-aaaaaa",
    "path" : "/opt/es/tmp/test/data.log",
    "message" : """
[2019-08-23T01:30:00,016][INFO ] 请求URL:www.example.com
[2019-08-23T01:30:00,016][INFO ] 请求IP:192.168.0.122
[2019-08-23T01:30:00,016][INFO ] 请求方法: GET
[2019-08-23T01:30:00,016][INFO ] 请求参数: {"test": "xxx"}
""",
    "@timestamp" : "2019-08-23T09:28:37.641Z",
    "tags" : [
      "multiline"
    ]
  }
},
Actually, handling this at the source that prints the logs, so that everything is printed together, might be a better approach.
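Added example (not part of stone_xy's answer and not Logstash code): a Python model of the grouping rule in the configuration above (`negate => true`, `what => "previous"`), run on the same sample lines and then splitting each merged event into fields. The field names in `KEYS` and the `flush_at_eof` parameter are assumptions made for illustration.

```python
import re

# Constructed sample: the eight log lines from the answer above.
SAMPLE = """\
[2019-08-23T01:30:00,016][INFO ] 请求URL:www.example.com
[2019-08-23T01:30:00,016][INFO ] 请求IP:192.168.0.122
[2019-08-23T01:30:00,016][INFO ] 请求方法: GET
[2019-08-23T01:30:00,016][INFO ] 请求参数: {"test": "xxx"}
[2019-08-23T01:30:00,016][INFO ] 请求URL:www.example.com
[2019-08-23T01:30:00,016][INFO ] 请求IP:192.168.0.123
[2019-08-23T01:30:00,016][INFO ] 请求方法: POST
[2019-08-23T01:30:00,016][INFO ] 请求参数: {"test": "xxx"}
"""

START = re.compile(r".*请求URL.*")  # same pattern as the codec setting
FIELD = re.compile(r"\]\s*请求(URL|IP|方法|参数):\s*(.*)$")
KEYS = {"URL": "url", "IP": "client_ip", "方法": "method", "参数": "params"}  # hypothetical names


def group_events(lines, flush_at_eof=True):
    """A line that does NOT match START is appended to the previous event;
    a matching line closes the current event and starts a new one."""
    events, buf = [], []
    for line in lines:
        if START.match(line) and buf:
            events.append("\n".join(buf))
            buf = []
        buf.append(line)
    # A streaming reader cannot tell the last event is complete until a new
    # start line arrives; flush_at_eof models an explicit flush of the buffer.
    if buf and flush_at_eof:
        events.append("\n".join(buf))
    return events


def parse_event(message):
    """Split one merged event into named fields for searching or alerting."""
    doc = {"message": message}
    for line in message.splitlines():
        m = FIELD.search(line)
        if m:
            doc[KEYS[m.group(1)]] = m.group(2).strip()
    return doc


if __name__ == "__main__":
    for ev in group_events(SAMPLE.splitlines()):
        print(parse_event(ev))
```

With `flush_at_eof=False` only the first request is emitted and the second stays in the buffer; in Logstash, the multiline codec's `auto_flush_interval` setting controls when a pending event is flushed.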
shuangshuang
Upvoted by: