我的日誌是這樣的:使用filebeat,logstash和elasticsearch發送json格式的日誌到kibana?
{"logId":"57aaf6c8d32fb","clientIp":"127.0.0.1","time":"03:11:29 pm","uniqueSubId":"57aaf6c98963b","channelName":"JSPC","apiVersion":"v1","modulName":null,"actionName":"apiRequest","typeOfError":"","statusCode":"","message":"In Auth","exception":"In Auth","logType":"Info"}
{"logId":"57aaf6c8d32fb","clientIp":"127.0.0.1","time":"03:11:29 pm","uniqueSubId":"57aaf6c987206","channelName":"JSPC","apiVersion":"v2","modulName":null,"actionName":"performV2","typeOfError":"","statusCode":"","message":"in inbox api v2 5","exception":"in inbox api v2 5","logType":"Info"}
我想他們推到kibana
。我使用filebeat將數據發送到logstash,採用以下配置:
filebeat.yml
### Logstash as output
logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# Number of workers per Logstash host.
#worker: 1
現在用下面的配置,我想改變編解碼器類型:
input {
beats {
port => 5000
tags => "beats"
codec => "json_lines"
#ssl => true
#ssl_certificate => "/opt/filebeats/logs.example.com.crt"
#ssl_key => "/opt/filebeats/logs.example.com.key"
}
syslog {
type => "syslog"
port => "5514"
}
}
但是,我仍然得到日誌字符串格式:
「message」:「{\」logId \「:\」57aaf6c96224b \「,\」clientIp \「:\」127.0.0.1 \「,\」time \「:\」03:11:29 PM \」,\ 「CHANNELNAME \」:\ 「JSPC \」,\ 「apiVersion \」:空,\ 「modulName \」:空,\ 「actionName \」:\ 「404 \」,\ 「typeOfError \」: \「EXCEPTION \」,\「statusCode \」:0,\「message \」:\「404頁面遇到http: \/\/localjs.com \ /上傳\/NonScreenedImages \/profilePic120 \/16 \/29 \ /15997002iicee52ad041fed55e952d4e4e163d5972ii4c41f8845105429abbd11cc184d0e330.jpeg \ 「\ 」日誌類型\「:\ 」錯誤\「}」,
請幫助我解決這個問題。
使你在filebeat.yml文件中提到的變化,下面的logstash配置工作:'輸入{ 節拍{ 端口=> 5044 } } 濾波器{ 如果[標籤] [JSON] { JSON { 源=> 「消息」 } } } 輸出{ elasticsearch { 主機=> 「本地主機:9200」 manage_template =>假 指數=>「%{[@元數據] [擊敗]} - %{+ YYYY.MM.dd}「 docume nt_type =>「%{[@ metadata] [type]}」 } } ',而不是您的配置。謝謝您的幫助。 – learner