如何在elasticsearch上使用logstash获取URL路径 [英] How to get url path using logstash on elasticsearch
本文介绍了如何在elasticsearch上使用logstash获取URL路径的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经使用我的logstash配置进行了测试
I have tested using my configuration of logstash
127.0.0.1 - - [02/Jun/2016:15:38:57 +0900] "GET /ad/adInfos?id=1 HTTP/1.1" 404 68
filter {
grok {
match => { "message" => "%{COMMONAPACHELOG}" }
}
}
它的工作方式如下
It's working as below
{
"message" => "127.0.0.1 - - [02/Jun/2016:15:39:02 +0900] \"POST /ad/signIn?id=1 HTTP/1.1\" 200 26",
"@version" => "1",
"@timestamp" => "2016-06-02T06:39:02.000Z",
"path" => "/opt/node-v4.3.1/logs/access.log",
"host" => "0.0.0.0",
"clientip" => "127.0.0.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "02/Jun/2016:15:39:02 +0900",
"verb" => "POST",
"request" => "/ad/signIn?id=1
"httpversion" => "1.1",
"response" => "200",
"bytes" => "26"
}
但是我只想获取URL路径,除了path参数:/ad/signIn
But I want to get only URL path except path parameter: /ad/signIn
因为请求计数了每个REST API.
Because of request counting each REST API.
我该怎么办?
推荐答案
您只需要在第一个看起来像这样的对象之后添加第二个对象:
You simply need to add a second grok after the first one that looks like this:
grok {
match => { "request" => "%{URIPATH:path}" }
named_captures_only => false
}
这将是您的request字段,并使用URIPATH模式再次对其进行解析,然后将结果存储在path字段中(请参阅最后一个字段).
What this will do is take your request field and parse it again using the URIPATH pattern and store the result in the path field (see the last field).
{
"message" => "127.0.0.1 - - [02/Jun/2016:15:38:57 +0900] \"GET /ad/adInfos?id=1 HTTP/1.1\" 404 68",
"@version" => "1",
"@timestamp" => "2016-06-03T04:54:49.631Z",
"host" => "iMac-de-Consulthys.local",
"clientip" => "127.0.0.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "02/Jun/2016:15:38:57 +0900",
"verb" => "GET",
"request" => "/ad/adInfos?id=1",
"httpversion" => "1.1",
"response" => "404",
"bytes" => "68",
"path" => "/ad/adInfos"
}
这篇关于如何在elasticsearch上使用logstash获取URL路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
