filebeat和ELK全用了6.2.4了,kafka是1.1.0,filebeat写入kafka后,所有信息都保存在messa
filebeat和ELK全用了6.2.4了,kafka是1.1.0,filebeat写入kafka后,所有信息都保存在message字段中,怎么才能把message里面的字段都单独分离出来呢?
Beats • jlhde123 回复了问题 • 9 人关注 • 10 个回复 • 9554 次浏览 • 2019-02-15 15:35
yokv 回答了问题 • 2018-05-08 12:40 • 10 个回复
filebeat和ELK全用了6.2.4了,kafka是1.1.0,filebeat写入kafka后,所有信息都保存在message字段中,怎么才能把message里面的字段都单独分离出来呢?
{
"@timestamp": "2018-05-07T19:04:08+08:00",
"remote_addr": "192.168.6.1",
"remote_user": "-",
"status": "200",
"body_bytes_sent": "25686",
"request": "GET /overview.php?ddreset=1 HTTP/1.1",
"request_method": "GET",
"http_referrer": "http://192.168.6.71/overview.php?ddreset=1",
"http_user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.3.2.17331",
"http_x_forwarded_for": "-",
"request_time": "0.153",
"request_body": "" - " }} 你的json格式有错吧
request_body那多个"和},你的nginx日志格式配错了吧
"@timestamp": "2018-05-07T19:04:08+08:00",
"remote_addr": "192.168.6.1",
"remote_user": "-",
"status": "200",
"body_bytes_sent": "25686",
"request": "GET /overview.php?ddreset=1 HTTP/1.1",
"request_method": "GET",
"http_referrer": "http://192.168.6.71/overview.php?ddreset=1",
"http_user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.3.2.17331",
"http_x_forwarded_for": "-",
"request_time": "0.153",
"request_body": "" - " }} 你的json格式有错吧
request_body那多个"和},你的nginx日志格式配错了吧
filebeat和ELK全用了6.2.4了,kafka是1.1.0,filebeat写入kafka后,所有信息都保存在message字段中,怎么才能把message里面的字段都单独分离出来呢?
回复Beats • jlhde123 回复了问题 • 9 人关注 • 10 个回复 • 9554 次浏览 • 2019-02-15 15:35
