ELK<logstash>过滤json数据
首先要找到正确的配置文件
java-app.yml
# Receive log events from the application over a raw TCP socket.
input {
  tcp {
    # No `host` is set, so the plugin's default bind address applies
    # (all interfaces). No TLS or client authentication is configured
    # either, so any host that can reach this port can submit events.
    # Restrict access with a firewall rule or an explicit bind address
    # when the senders are known.
    # NOTE(review): ports below 1024 usually need elevated privileges to
    # bind; confirm the Logstash service account can open 1001.
    port => 1001
  }
}
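# Parse JSON application logs, with or without the
# "[...] --- trace_id=... span_id=..." prefix in front of the payload.
filter {
  # First attempt: treat the whole line as JSON. Prefixed lines fail here
  # and are tagged _jsonparsefailure; the grok + second json stage below
  # handles them.
  json {
    source => "message"
  }

  # Strip the optional prefix and keep the remainder of the line in `msg`.
  grok {
    match => ["message","(\[%{DATA}\] --- )?(trace_id=%{DATA:trace_id} )?(span_id=%{DATA:span_id} )?%{GREEDYDATA:msg}"]
  }

  # Second attempt: parse the remainder. A dedicated failure tag lets the
  # cleanup below tell "payload was never parsed" apart from the expected
  # failure of the first json stage on prefixed lines.
  json {
    source => "msg"
    tag_on_failure => ["_msg_jsonparsefailure"]
  }

  # Drop helper fields. `msg` is a substring of `message`, so removing it
  # never loses data.
  # NOTE(review): trace_id and span_id are captured by grok and then
  # removed, along with any same-named keys produced by the JSON parse.
  # Confirm this is intended.
  mutate {
    remove_field => ["@version","msg","event","trace_id","span_id"]
  }

  # Remove the raw line only once its payload has been parsed. Events that
  # could not be parsed keep `message`, so the original log line remains
  # available for troubleshooting and investigation instead of being
  # silently discarded.
  if "_msg_jsonparsefailure" not in [tags] {
    mutate {
      remove_field => ["message"]
    }
  }
}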
# Ship parsed events to Elasticsearch; echo grok failures locally.
output {
  # Debug aid: events tagged _grokparsefailure are also printed in full to
  # Logstash's stdout. The elasticsearch block below sits outside this
  # conditional, so these events are indexed as well.
  # NOTE(review): rubydebug prints the entire event, so the service log may
  # end up holding raw application log content. Confirm that is acceptable.
  if "_grokparsefailure" in [tags] {
    stdout {
      codec => rubydebug
    }
  }

  elasticsearch {
    # No scheme is given. Unless the plugin's TLS options are enabled, the
    # credentials below travel over plain HTTP, which is only reasonable on
    # loopback.
    hosts => ["localhost:xxxx"]
    # One index per day.
    index => "index-name-%{+YYYY-MM-dd}"
    # Placeholder credentials. Avoid keeping a real password in this file:
    # Logstash resolves ${VAR} references from its keystore or the
    # environment. Quote real values that contain special characters.
    user => elasxxx
    password => xxxxxx
    # NOTE(review): a codec probably has no effect on this output; confirm
    # before relying on it.
    codec => json
  }
}