logstash之filter处理中括号包围的内容
如题,logstash之filter处理中括号包围的内容:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | $grep -v "#" config/logstash-nlp.ymlinput { kafka { bootstrap_servers => "datacollect-1:9092,datacollect-2:9092,datacollect-3:9092" codec => "json" group_id => "logstash-newtrace-nlptemp" topics => ["ot-nlp"] }}filter { grok { match => { "message" => "^\[%{GREEDYDATA:request}\]$" } } json { source => "request" } ruby { code => "event.set('temptime', event.get('@timestamp').time.localtime + 8*60*60);" } grok { match => ["temptime", "%{DATA:thedate}T%{NOTSPACE:thetime}Z"] }}output { if ([kafka][topic] =~ "^ot-nlp*") { if [name] == "nlp" { file { codec => line {format => "%{request}"} path => "/tmp/newtrace_nlp.log.%{thedate}" } } }} |
摘出来数组中的所有fields
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | filter { grok { match => { "message" => "^\[%{GREEDYDATA:request}\]$" } } json { source => "request" remove_field => [ "message", "request" ] } split { field => "binaryAnnotations" } json { source => "[binaryAnnotations][value]" }} |
感谢时总的大力支持!!!
核心就是正则!
match => {
"message" => "^\[%{GREEDYDATA:request}\]$"
}
【推荐】还在用 ECharts 开发大屏?试试这款永久免费的开源 BI 工具!
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步