如何获取日志及其具有单词"error"的数据?在然后如何为相同配置logstashPipeLine.conf文件? [英] How to get logs and it's data having word "error" in then and how to configure logstashPipeLine.conf file for the same?
问题描述
当前,我正在开发一个应用程序,该应用程序需要从特定位置的文件中的特定数据创建文档.我已经设置了logstash管道配置.
Currently I am working on an application where I need to create documents from particular data from a file at specific location. I have set up logstash pipeline configuration.
这是当前的样子:
input{
file{
path => "D:\ELK_Info\logstashInput.log"
start_position => "beginning"
}
}
#Possible IF condition here in the filter
output {
#Possible IF condition here
http {
url => "http://localhost:9200/<index_name>/<type_name>"
http_method => "post"
format => "json"
}
}
我想在调用API之前在输出中提供IF条件. 条件应为如果来自输入的数据包含单词'Error',则仅继续进一步调用提到的http API."
I want to provide IF condition in output before calling API. The condition should be like, "If data from input contains word 'Error', only then proceed further to call http API mentioned."
关于我该怎么做的任何想法?
Any idea on how may I do the same?
推荐答案
请查看以下链接:第一步是查看输入是否有错误作为关键字,如果是,请继续进行第二次解析.如果没有,那就忘了输入.
The first step is to look whehther input has error as key word, if so, continue the parsing by second grok. If no, just forget the input.
这篇关于如何获取日志及其具有单词"error"的数据?在然后如何为相同配置logstashPipeLine.conf文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
