0
因此,我一直忙於計時某些事件之間的時間差異,並遇到兩個任務在同一個事件中停止的實例,但是,在調用已過去的插件兩次時,首先記錄。我應該怎麼做才能使兩個記錄都消失?logstash:使用多個已過濾的過濾器
示例配置:
filter {
grok {
match => ["message", "STARTING TASK1: (?.)"]
add_tag => [ "Task1Started" ]
}
grok {
match => ["message", "STARTING TASK2: (?.)"]
add_tag => [ "Task2Started" ]
}
grok {
match => ["message", "ENDING ALL TASKS: (?.)"]
add_tag => [ "Task1Terminated", "Task2Terminated"]
}
elapsed {
start_tag => "Task1Started"
end_tag => "Task1Terminated"
unique_id_field => "task_id"
}
elapsed {
start_tag => "Task2Started"
end_tag => "Task2Terminated"
unique_id_field => "task_id"
}
}
感謝在這個問題上的任何幫助! 我也穿上了這樣一個問題:https://github.com/logstash-plugins/logstash-filter-elapsed/issues/13