logstash match
2024-10-18 15:05:20
[elk@zjtest7-frontend config]$ cat stdin04.conf
input {
stdin {
}
}
filter {
# drop sleep events
grok {
match => [ "message" , "(error|ERROR)" ]
add_tag => [ "sleep_aaa" ]
tag_on_failure => [] # prevent default _grokparsefailure tag on real records
} grok {
match => { "message" => "SELECT bbb" }
add_tag => [ "sleep_bbb" ]
}
}
output {
if "sleep_aaa" in [tags]{
stdout {
codec=>rubydebug{}
}
}
else if "sleep_bbb" in [tags]{
stdout {
codec=>json
}
} }
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf --configtest
Configuration OK
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf
Settings: Default pipeline workers: 1
Pipeline main started
error
{
"message" => "error",
"@version" => "1",
"@timestamp" => "2016-09-16T03:13:54.288Z",
"host" => "0.0.0.0",
"tags" => [
[0] "sleep_aaa",
[1] "_grokparsefailure"
]
}
error414
{
"message" => "error414",
"@version" => "1",
"@timestamp" => "2016-09-16T03:14:02.496Z",
"host" => "0.0.0.0",
"tags" => [
[0] "sleep_aaa",
[1] "_grokparsefailure"
]
}
SELECT bbb
{"message":"SELECT bbb","@version":"1","@timestamp":"2016-09-16T03:14:19.360Z","host":"0.0.0.0","tags":["sleep_bbb"]}
SELECT bbb3124234
{"message":"SELECT bbb3124234","@version":"1","@timestamp":"2016-09-16T03:14:26.959Z","host":"0.0.0.0","tags":["sleep_bbb"]}xvxv
vvvv
最新文章
- [原] XAF How can I change XafDisplayNameAttribute dynamically
- 每天一个linux命令(42):kill命令
- 【原】整理的react相关的一些学习地址,包括 react-router、redux、webpack、flux
- Laravel 校验规则之字段值唯一性校验
- javascript笔记02:严格模式的特定要求
- SQL转换函数to_char/to_date/to_number
- vb6.0 时间日期
- uva :10123 - No Tipping(dfs + 几何力矩 )
- 网络流入门-POJ1459PowerNetwork-Dinic模板
- 常用H5
- Oracle 统计信息收集
- HTML 5 Web 音频
- Mysql连接查询、子查询、联合查询 整理
- list(列表) python
- Nginx 多域名配置
- Summary on Visual Tracking: Paper List, Benchmarks and Top Groups
- python列表(list)的使用技巧及高级操作
- HDU 5842 Lweb and String 水题
- 1."问吧APP"客户需求调查分析
- Codeforces Round #412 (rated, Div. 2, base on VK Cup 2017 Round 3) A B C D 水 模拟 二分 贪心