Logstash configuration file error (Answer not working)
Problem description
The only thing that is certain about [url][queryString] is that it begins with 404; or that the key is long. I need to remove such keys. If I use the ruby code below, it gives a "cannot convert linked hashmap to string" exception.
input {
  file {
    # Wildcards work, here :)
    path => ["C:\Users\ppurush\Desktop\test\*.log"]
    start_position => "beginning"
  }
}
filter {
  ruby {
    code=>
    "
    require json
    my_hash = JSON.parse([url][queryString])
    my_hash.delete_if { |key,value| key.to_s.match(/^404;/) }
    "
  }
}
output {
  stdout{}
  elasticsearch {
    host => localhost
  }
}
Recommended answer
You get a ruby exception because your ruby code is invalid. Try this instead:
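filter {
  ruby {
    # init runs once at startup, so the library is loaded a single time
    init => "require 'json'"
    code => "
      # parse the JSON string held in [url][queryString]
      my_hash = JSON.parse( event['url']['queryString'] )
      # remove every key that starts with 404;
      my_hash.delete_if { |key,value| key.to_s.match(/^404;/) }
      # store the cleaned hash back on the event so the change takes effect
      event['url']['queryString'] = my_hash
    "
  }
}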
This works if your event has a 'url' => 'queryString' field which contains valid json. You might already have some kind of filter to achieve this (e.g. grok). You might also consider using logstash's built-in json filter and maybe drop to delete certain events.
Suppose your input is plain json (I had to tidy this up):
{"id":"val1","host":"val2","app":"val3","@timestamp":"2015-08-04T19:00:03.6429322Z","@timestampEnd":"2015-08-04T19:00:03.6429322Z","vid":"val4","vidNew":"val5","sessionId":"val6","url":{"rawUrl":"val7","path":"val8","queryString":{"404;dfdgfdgfghfhjghhhhhhhhhhhhh":""}},"net":{"method":"GET","status":"200","size":"0","timeTakenMillis":"0"},"context":{"SearchType":""}}
You can use codec => json in your file input.
input {
  file {
    path => ["C:\Users\ppurush\Desktop\test\*.log"]
    start_position => "beginning"
    codec => "json"
  }
}
You will get a field:
"url" => {
    "rawUrl" => "val7",
    "path" => "val8",
    "queryString" => {
        "404;dfdgfdgfghfhjghhhhhhhhhhhhh" => ""
    }
}
So 404;dfdgfdgfghfhjghhhhhhhhhhhhh is a variable, too. To check for it and delete the event you could do something like this:
if [url][queryString][404;dfdgfdgfghfhjghhhhhhhhhhhhh] {
  drop {}
}
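An added example (not part of the original question or answer) of the key cleanup discussed above, written as plain Ruby so it runs outside Logstash: it accepts queryString either as an already-decoded hash, which is what codec => "json" produces, or as a JSON string. MAX_KEY_LENGTH, the helper names and the extra "q" key in the sample are assumptions.

```ruby
require 'json'

# Assumed threshold for "the key is long"; the page gives no number.
MAX_KEY_LENGTH = 64

# Hypothetical helper: returns the query-string hash without keys that start
# with "404;" or are longer than MAX_KEY_LENGTH. Accepts a Hash or a String
# holding a JSON object; anything else yields an empty hash.
def clean_query_string(query_string)
  hash =
    case query_string
    when Hash then query_string
    when String
      begin
        parsed = JSON.parse(query_string)
        parsed.is_a?(Hash) ? parsed : {}
      rescue JSON::ParserError
        {}
      end
    else
      {}
    end
  hash.reject do |key, _value|
    name = key.to_s
    name.start_with?('404;') || name.length > MAX_KEY_LENGTH
  end
end

# Hypothetical helper: applies the cleanup in place to an event-shaped Hash
# (a plain Hash stands in for the Logstash event here).
def scrub_event(event)
  url = event['url']
  return event unless url.is_a?(Hash) && url.key?('queryString')

  url['queryString'] = clean_query_string(url['queryString'])
  event
end

# Constructed sample modelled on the event in the answer; the "q" key is added.
def sample_event
  { 'url' => { 'rawUrl' => 'val7', 'path' => 'val8',
               'queryString' => { '404;dfdgfdgfghfhjghhhhhhhhhhhhh' => '', 'q' => 'shoes' } } }
end

puts scrub_event(sample_event).inspect
```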