2
如何在logstash中創建grok自定義模式篩選器? 我想創建一個HTTP響應狀態代碼 這裏的模式是我的模式代碼logstash中的GROK自定義模式篩選器
STATUS_CODE __ %{NONNEGINT} __
我reaaly想要做的是讓所有我的Web服務器的命中與用戶IP和請求的HTTP標頭和有效載荷和還有網絡服務器的迴應。
,這裏是我的logstash.conf
input {
file {
type => "kpi-success"
path => "/var/log/kpi_success.log"
start_position => beginning
}
}
filter {
if [type] == "kpi-success" {
grok {
patterns_dir => ["./patterns"]
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:message} "}
}
multiline {
pattern => "^\["
what => "previous"
negate => true
}
mutate{
add_field => {
"statusCode" => "[STATUS_CODE]"
}
}
}
}
output {
if [type] == "kpi-success" {
elasticsearch {
hosts => "elasticsearch:9200"
index => "kpi-success-%{+YYYY.MM.dd}"
}
}
}
閱讀[DOC](https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html#_custom_patterns)? – baudsp
是的我已經閱讀過整個文檔,但不是很清楚 – mhndev
您能提供一些您正在嘗試處理的日誌樣本行嗎? – niglesias