Logstash | Data Processing Services of Connector | Feature |
Codec.json | ✔ | |
Filter.grok | ✔ | |
Filter.mutate.split | ✔ | |
Filter.date | ✔ | |
Filter.json | ✔ | |
Filter.mutate.convert | ✔ | |
Filter.mutate.gsub | ✔ | |
Filter.mutate.strip | ✔ | |
Filter.mutate.join | ✔ | |
Filter.mutate.rename | ✔ | |
Filter.mutate.update | ✔ | |
Filter.mutate.replace | ✔ | |
Filter.mutate.add_field | ✔ | |
Filter.mutate.remove_field | ✔ | |
Filter.mutate.copy | ✔ | |
Filter.mutate.merge | | TODO |
Filter.mutate.uppercase | | TODO |
Filter.mutate.lowercase | | TODO |
// Codec.jsoninput {file {path => "/var/log/nginx/access.log_json""codec => "json"}}// Filter.grokfilter {grok {match => {"message" => "\\s+(?<request_time>\\d+(?:\\.\\d+)?)\\s+"}}}// Filter.mutate.splitfilter {split {field => "message"terminator => "#"}}
// Filter.datefilter {date {match => ["client_time", "yyyy-MM-dd HH:mm:ss"]}}
// Filter.jsonfilter {json {source => "message"target => "jsoncontent"}}
// Filter.mutate.convertfilter {mutate {convert => ["request_time", "float"]}}// Filter.mutate.gsubfilter {mutate {gsub => ["urlparams", ",", "_"]}}// Filter.mutate.stripfilter {mutate {strip => ["field1", "field2"]}}// Filter.mutate.joinfilter {mutate {join => { "fieldname" => "," }}}
$.concat($.data.Response.SubnetSet[0].VpcId,"#",$.data.Response.SubnetSet[0].SubnetId,"#",$.data.Response.SubnetSet[0].CidrBlock))
syntax to concatenate VPC and subnet attributes, which can be separated with the #
character.// Filter.mutate.renamefilter {mutate {rename => ["syslog_host", "host"]}}// Filter.mutate.updatefilter {mutate {update => { "sample" => "My new message" }}}// Filter.mutate.replacefilter {mutate {replace => { "message" => "%{source_host}: My new message" }}}// Filter.mutate.add_fieldfilter {mutate {split => { "hostname" => "." }add_field => { "shortHostname" => "%{[hostname][0]}" }}}// Filter.mutate.remove_fieldfilter {mutate {remove_field => ["field_name"]}}// Filter.mutate.copyfilter {mutate {copy => { "source_field" => "dest_field" }}}
{"@timestamp": "2022-02-26T22:25:33.210Z","beat": {"hostname": "test-server","ip": "6.6.6.6","version": "5.6.9"},"input_type": "log","message": "{\\"userId\\":888,\\"userName\\":\\"testUser\\"}","offset": 3030131,}
{"@timestamp": "2022-02-26T22:25:33.210Z","input_type": "log","hostname": "test-server","ip": "6.6.6.6","userId": 888,"userName": "testUser"}
{"@timestamp": "2022-02-26T22:25:33.210Z","input_type": "log","message": "{\\"userId\\":888,\\"userName\\":\\"testUser\\"}","hostname": "test-server","ip": "6.6.6.6"}
{"@timestamp": "2022-02-26T22:25:33.210Z","input_type": "log","hostname": "test-server","ip": "6.6.6.6","userId": 888,"userName": "testUser"}
region=Shanghai$area=a1$server=6.6.6.6$user=testUser$timeStamp=2022-02-26T22:25:33.210Z
{"region": "Shanghai","area": "a1","server": "6.6.6.6","user": "testUser","timeStamp": "2022-02-27 06:25:33","processTimeStamp": "2022-06-27 11:14:49"}
{"0": "region=Shanghai","1": "area=a1","2": "server=6.6.6.6","3": "user=testUser","4": "timeStamp=2022-02-26T22:25:33.210Z"}
{"0": "region=Shanghai","1": "area=a1","2": "server=6.6.6.6","3": "user=testUser","4": "timeStamp=2022-02-26T22:25:33.210Z","0.region": "Shanghai","1.area": "a1","2.server": "6.6.6.6","3.user": "testUser","4.timeStamp": "2022-02-26T22:25:33.210Z"}
{"region": "Shanghai","area": "a1","server": "6.6.6.6","user": "testUser","timeStamp": "2022-02-27 06:25:33","processTimeStamp": "2022-06-27 11:14:49"}
문제 해결에 도움이 되었나요?