我使用logstash收集我的Apache日誌創建一個從外地標籤,因此我有一個字段名爲request_url它包含看起來像值:使用正則表達式
POST /api_v1/services/order_service HTTP/1.1
POST /api_v2/services/user_service HTTP/1.0
我想創建一個包含在單獨的標籤API版本和服務名稱,例如
POST /api_v1/services/order_service HTTP/1.1 -> ["v1", "order_service"]
POST /api_v2/services/user_service HTTP/1.0 -> ["v2", "user_service"]
在logstash配置中如何做到這一點?感謝任何指針。
使用下面的神交過濾器,你可以單獨你需要的組件,然後添加相應的標籤
filter {
grok {
"match" => { "message" => "%{WORD:verb} /api_%{NOTSPACE:version}/services/%{WORD:service}" }
"add_tag" => ["%{version}", "%{service}"]
}
}
你會得到看起來像這樣的事件:
{
"message" => "POST /api_v1/services/order_service HTTP/1.1",
"@version" => "1",
"@timestamp" => "2016-06-07T02:52:01.136Z",
"host" => "iMac.local",
"verb" => "POST",
"version" => "v1",
"service" => "order_service",
"tags" => [
[0] "v1",
[1] "order_service"
]
}