1
我一直在網上搜索,但無法完全弄清楚這一點。logstash grok解析url
grok {
match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{URIPATH:url}
}
我需要從網址中獲取內容並將其放入彈性搜索中。
日誌有這樣
URL的URL 1 = /NEED_A/Constant_A/Constant_B/Constant_C/Need_B/Constant_D/Need_C/Need_D
URL 2 = /NEED_A/Constant_A/Constant_B/Constant_C/Need_B/Constant_D
URL 3 = /Wierd_A
Need_A,NEED_B,NEED_C,Need_D,Wierd_A應該在各自的領域。
我一直在試圖找到一個if else-if循環,但還沒有真正得到任何東西。
grok {
match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} {URIPATH:url} %]
}
if[url] == "/*/Constant_A/Constant_B/Constant_C/*/Constant_D/*/*" {
\/%{WORD:NEED_A}\/.*\/.*\/.*\/%{WORD:NEED_B}\/.*\/%{WORD:NEED_C}
}
else-if[url] == "/*/Constant_A/Constant_B/Constant_C/*/Constant_D" {
\/%{WORD:NEED_A}\/.*\/.*\/.*\/%{WORD:NEED_B}\/.*\/
}
else-if
//something similar for url 3
}
//move on if nothing matches
有什麼想法?
感謝您指出我在正確的方向。 – Dhrumil