如何在elasticsearch上使用logstash获取URL路径 [英] How to get url path using logstash on elasticsearch
本文介绍了如何在elasticsearch上使用logstash获取URL路径的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经使用我的logstash配置进行了测试
I have tested using my configuration of logstash
127.0.0.1 - - [02/Jun/2016:15:38:57 +0900] "GET /ad/adInfos?id=1 HTTP/1.1" 404 68
filter {
grok {
match => { "message" => "%{COMMONAPACHELOG}" }
}
}
它的工作方式如下
It's working as below
{
"message" => "127.0.0.1 - - [02/Jun/2016:15:39:02 +0900] \"POST /ad/signIn?id=1 HTTP/1.1\" 200 26",
"@version" => "1",
"@timestamp" => "2016-06-02T06:39:02.000Z",
"path" => "/opt/node-v4.3.1/logs/access.log",
"host" => "0.0.0.0",
"clientip" => "127.0.0.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "02/Jun/2016:15:39:02 +0900",
"verb" => "POST",
"request" => "/ad/signIn?id=1
"httpversion" => "1.1",
"response" => "200",
"bytes" => "26"
}
但是我只想获取URL路径,除了path参数:/ad/signIn
But I want to get only URL path except path parameter: /ad/signIn
因为请求计数了每个REST API.
Because of request counting each REST API.
我该怎么办?
推荐答案
您只需要在第一个看起来像这样的对象之后添加第二个对象:
You simply need to add a second grok after the first one that looks like this:
grok {
match => { "request" => "%{URIPATH:path}" }
named_captures_only => false
}
这将是您的request
字段,并使用URIPATH
模式再次对其进行解析,然后将结果存储在path
字段中(请参阅最后一个字段).
What this will do is take your request
field and parse it again using the URIPATH
pattern and store the result in the path
field (see the last field).
{
"message" => "127.0.0.1 - - [02/Jun/2016:15:38:57 +0900] \"GET /ad/adInfos?id=1 HTTP/1.1\" 404 68",
"@version" => "1",
"@timestamp" => "2016-06-03T04:54:49.631Z",
"host" => "iMac-de-Consulthys.local",
"clientip" => "127.0.0.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "02/Jun/2016:15:38:57 +0900",
"verb" => "GET",
"request" => "/ad/adInfos?id=1",
"httpversion" => "1.1",
"response" => "404",
"bytes" => "68",
"path" => "/ad/adInfos"
}
这篇关于如何在elasticsearch上使用logstash获取URL路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文