使用HTTP POST请求作为输入的Logstash的Grok模式

时间:2015-07-20 11:39:13

标签: elasticsearch logstash grok logstash-grok

我正在使用Logstash处理我的日志并将它们存储到Elasticsearch。我使用http作为Logstash的输入插件。

我的http发帖请求是:

// simplify Math

'use strict';

// Mirror every own property of Math (PI, abs, sqrt, cos, ...) onto window so
// the rest of the script can use them without the `Math.` prefix. Any window
// property that already has one of those names is overwritten.
for (const mathKey of Object.getOwnPropertyNames(Math)) {
  window[mathKey] = Math[mathKey];
}

// add missing math functions
/**
 * Convert an angle from degrees to radians.
 * Reads the global `PI` (Math.PI mirrored onto window).
 * @param {number} degree
 * @returns {number}
 */
var rad = (degree) => degree * PI / 180;
/**
 * Convert an angle from radians to degrees.
 * Reads the global `PI` (Math.PI mirrored onto window).
 * @param {number} radians
 * @returns {number}
 */
var deg = (radians) => radians * 180 / PI;

// get our drawing areas

// Look up both canvas elements by id, then take a 2D drawing context from each.
var model = document.getElementById('model');
var result = document.getElementById('result');

var modelContext = model.getContext('2d');
var resultContext = result.getContext('2d');

/**
 * Give both canvases their fixed pixel dimensions:
 * 200x200 for the model, 400x400 for the result.
 */
var setSize = function setSize() {
  var modelSide = 200;
  var resultSide = 400;

  model.width = modelSide;
  model.height = modelSide;
  result.width = resultSide;
  result.height = resultSide;
};

// size of the grabbing dots
var dotSize = 5;
// index into `points` of the handle currently being dragged; -1 means none
var grab = -1;
// recursion depth handed to drawModel when the result canvas is drawn
var iterations = 1;
// apply the canvas dimensions before the initial points are derived from them
setSize();

// define points
// this only defines the initial model

/**
 * Build the five starting vertices of the model polyline for a canvas of side
 * `width`: both ends and the vertices at 1/3 and 2/3 sit on the bottom edge
 * (y = width); the middle vertex is at x = width/2, y = 2/3 of width.
 * @param {number} width
 * @returns {Array<{x: number, y: number}>}
 */
var returnPoints = function returnPoints(width) {
  var third = width / 3;
  var baseline = width;
  var vertex = function (x, y) {
    return { x: x, y: y };
  };

  return [
    vertex(0, baseline),
    vertex(third, baseline),
    vertex(width / 2, third * 2),
    vertex(third * 2, baseline),
    vertex(width, baseline)
  ];
};

// set initial state for model
// Working copy of the model vertices; handleMove replaces the dragged entry
// in place, so this array always holds the current shape.
var points = returnPoints(model.width);

// handle interaction
// grab points only if hovering
/**
 * mousedown handler: start dragging the interior handle under the cursor.
 * Only points[1] .. points[length - 2] are tested, so the two end points can
 * never be grabbed. If several handles overlap the cursor, the highest index
 * wins because the scan does not stop at the first hit.
 * @param {MouseEvent} e - read through the non-standard layerX / layerY fields
 */
var grabPoint = function grabPoint(e) {
  var mouseX = e.layerX;
  var mouseY = e.layerY;
  var index = 1;

  while (index < points.length - 1) {
    var handle = points[index];
    var isHit = abs(mouseX - handle.x) < dotSize && abs(mouseY - handle.y) < dotSize;
    if (isHit) {
      model.classList.add('grabbing');
      grab = index;
    }
    index += 1;
  }
};
// release point
/**
 * mouseup handler: end any drag in progress.
 * When a handle was held, the cursor class goes back from 'grabbing' to
 * 'grab'; `grab` is reset to -1 either way.
 * @param {MouseEvent} e - unused
 */
var releasePoint = function releasePoint(e) {
  var wasDragging = grab > -1;
  if (wasDragging) {
    var cursorClasses = model.classList;
    cursorClasses.add('grab');
    cursorClasses.remove('grabbing');
  }
  grab = -1;
};

// set initial state for result

// handle mouse movement on the model canvas
/**
 * mousemove handler for the model canvas.
 * Resets the cursor classes, marks the canvas 'grab' while the pointer is over
 * an interior handle, and, while a handle is held (grab > -1), moves that
 * handle to the pointer and calls drawSegment for the segment that ends at it.
 * @param {MouseEvent} e - read through the non-standard layerX / layerY fields
 */
var handleMove = function handleMove(e) {
  var mouseX = e.layerX;
  var mouseY = e.layerY;
  var cursorClasses = model.classList;

  // every move starts from a clean cursor state
  cursorClasses.remove('grabbing');
  cursorClasses.remove('grab');

  // hovering any interior handle (end points excluded) shows the grab cursor
  points.slice(1, -1).forEach(function (handle) {
    var overHandle = abs(mouseX - handle.x) < dotSize && abs(mouseY - handle.y) < dotSize;
    if (overHandle) {
      cursorClasses.add('grab');
    }
  });

  // nothing is being dragged: the hover feedback above is all there is to do
  if (!(grab > -1)) {
    return;
  }

  cursorClasses.add('grabbing');

  // move the held handle on the model canvas
  points[grab] = { x: mouseX, y: mouseY };

  // redraw the segment from the previous vertex to the new position
  var previous = points[grab - 1];
  drawSegment(
    { x: previous.x, y: previous.y },
    { x: mouseX, y: mouseY }
  );
};

// Each interior vertex (points[1..3]) expressed as a fraction of the last
// vertex (points[4]): m* are the x ratios, n* the y ratios.
let m2 = points[1].x / points[4].x;
let n2 = points[1].y / points[4].y;

let m3 = points[2].x / points[4].x;
let n3 = points[2].y / points[4].y;

let m4 = points[3].x / points[4].x;
let n4 = points[3].y / points[4].y;

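/**
 * Stroke a red line on the result canvas for the segment being dragged, then
 * refresh the vertex ratios m2..n4 from the current `points`.
 *
 * The line runs from `end` to the rounded vector (end - start), which is
 * rebuilt from its length and angle.
 *
 * @param {{x: number, y: number}} start - vertex before the dragged one
 * @param {{x: number, y: number}} end - current position of the dragged vertex
 */
var drawSegment = function drawSegment(start, end) {
  const dx = end.x - start.x;
  const dy = end.y - start.y;
  const dist = sqrt(dx * dx + dy * dy);
  const angle = atan2(dy, dx);
  const x2 = round(cos(angle) * dist);
  const y2 = round(sin(angle) * dist);

  // The property was misspelled `srtokeStyle`, which only created an unused
  // expando on the context, so the line was stroked in whatever colour the
  // context already had.
  resultContext.strokeStyle = 'red';
  resultContext.beginPath();
  resultContext.moveTo(end.x, end.y);
  resultContext.lineTo(x2, y2);
  resultContext.stroke();

  // keep the ratios used by drawModel in step with the dragged vertex
  m2 = points[1].x / points[4].x;
  m3 = points[2].x / points[4].x;
  m4 = points[3].x / points[4].x;
  n2 = points[1].y / points[4].y;
  n3 = points[2].y / points[4].y;
  n4 = points[3].y / points[4].y;
};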

/**
 * Draw a draggable handle on the model canvas for every interior vertex.
 * The first and last entries are skipped. Each handle is a white-filled
 * circle of radius `dotSize` whose outline hue is 72 degrees times its index.
 * @param {Array<{x: number, y: number}>} points - shadows the global array
 */
var drawDots = function drawDots(points) {
  var lastHandle = points.length - 2;

  for (var index = 1; index <= lastHandle; index += 1) {
    var center = points[index];
    var hue = 360 / 5 * index;

    modelContext.lineWidth = 4;
    modelContext.beginPath();
    modelContext.strokeStyle = `hsla(${hue},100%,40%,1)`;
    modelContext.fillStyle = 'hsla(0,100%,100%,1)';
    modelContext.arc(center.x, center.y, dotSize, 0, 2 * PI);
    modelContext.stroke();
    modelContext.fill();
  }
};

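/**
 * Draw one generation of the model shape on `ctx` and, while `n` is positive,
 * recurse into its first two segments.
 *
 * The three interior vertices are obtained by multiplying the END point's
 * absolute coordinates by the global ratios m2..m4 (x) and n2..n4 (y).
 *
 * Changes from the previous version:
 *  - the recursive calls draw on `ctx`; they used to be hard-wired to
 *    `resultContext`, so a recursive draw on any other canvas leaked onto the
 *    result canvas;
 *  - the dx/dy/dist/angle/x1/y1/x2/y2 locals were computed and never read,
 *    and have been removed;
 *  - the three copies of the path-drawing code share one local helper.
 *
 * Recursion into the third and fourth segments was commented out in the
 * original and remains disabled.
 *
 * @param {CanvasRenderingContext2D} ctx - context to draw on
 * @param {Array<{x: number, y: number}>} points - [start, end] of the segment
 * @param {number} [n] - remaining recursion depth; undefined or <= 0 draws
 *   the final red outline instead of recursing
 */
var drawModel = function drawModel(ctx, points, n) {
  const start = points[0];
  const end = points[1];
  const bend2 = { x: end.x * m2, y: end.y * n2 };
  const bend3 = { x: end.x * m3, y: end.y * n3 };
  const bend4 = { x: end.x * m4, y: end.y * n4 };
  const outline = [start, bend2, bend3, bend4, end];

  // Stroke an open polyline through `vertices` in the given colour.
  const strokePath = function strokePath(color, vertices) {
    ctx.strokeStyle = color;
    ctx.beginPath();
    ctx.moveTo(vertices[0].x, vertices[0].y);
    for (let i = 1; i < vertices.length; i++) {
      ctx.lineTo(vertices[i].x, vertices[i].y);
    }
    ctx.stroke();
  };

  ctx.lineWidth = 1;
  // light grey: the generator shape of this generation
  strokePath('hsla(0,0%,80%,1)', outline);
  // light green: the straight base segment it replaces
  strokePath('hsla(100,100%,80%,1)', [start, end]);

  if (n > 0) {
    drawModel(ctx, [{ x: start.x, y: start.y }, bend2], n - 1);
    drawModel(ctx, [{ x: bend2.x, y: bend2.y }, bend3], n - 1);
  } else {
    // deepest level: overdraw the generator shape in red
    strokePath('hsla(0,100%,50%,1)', outline);
  }
};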

/**
 * Render one frame and schedule the next.
 * Both canvases are painted over with white (the model at 50% alpha, the
 * result fully opaque), the shape is drawn once on the model canvas with no
 * recursion depth and once on the result canvas with `iterations` levels,
 * and the drag handles are drawn last so they stay on top.
 */
var draw = function draw() {
  // bottom edge of each canvas, used as the base segment of the shape
  var modelBase = [{ x: 0, y: 200 }, { x: 200, y: 200 }];
  var resultBase = [{ x: 0, y: 400 }, { x: 400, y: 400 }];

  // wipe the model canvas (translucent white)
  modelContext.fillStyle = 'hsla(0,0%,100%,.5)';
  modelContext.fillRect(0, 0, model.width, model.height);

  // wipe the result canvas (opaque white)
  resultContext.fillStyle = 'hsla(0,0%,100%,1)';
  resultContext.fillRect(0, 0, result.width, result.height);

  drawModel(modelContext, modelBase);
  drawModel(resultContext, resultBase, iterations);

  // handles go on top of the model drawing
  drawDots(points);

  // keep the loop running
  requestAnimationFrame(draw);
};

// pressing and moving are tracked on the model canvas only
model.addEventListener('mousedown', grabPoint);
model.addEventListener('mousemove', handleMove);
// release and resize are observed on window, so a button released outside
// the canvas still ends the drag
window.addEventListener('mouseup', releasePoint);
window.addEventListener('resize', setSize);

// size the canvases and start the render loop
setSize();
draw();

我想将type和message这两个键存储为Elasticsearch中的不同字段。

目前,所有发布数据都存储为单个字段,如:

  

"message": "{\"type\": \"ReferenceError\", \"message\": \"y is not defined\"}"

我认为这可以使用grok过滤器完成,但我找不到办法来做到这一点。

非常感谢任何帮助。 感谢。

2 个答案:

答案 0 :(得分:3)

如果您使用json codec,则应自动将信息拆分为字段。

答案 1 :(得分:2)

  

编辑: 正如Alain所说,最好的方式是使用json编解码器,它可以直接在http输入插件中设置。如果由于某种原因无法这样做,则可以使用grok过滤器。

如果我理解你,你的传入事件如下:

{"type": "reference error", "message": "y is not defined"}

然后相应的grok模式如下所示:

{"type": %{QUOTEDSTRING:http_type}, "message": %{QUOTEDSTRING:http_message}}

在您的logstash配置中:

grok {
    # Matches only a body of exactly this shape: "type" first, "message" second,
    # one space after each colon and after the comma. Events that do not match
    # are tagged _grokparsefailure and are not split into fields.
    # QUOTEDSTRING captures keep the surrounding double quotes in the field value.
    match => [ "message", "{\"type\": %{QUOTEDSTRING:http_type}, \"message\": %{QUOTEDSTRING:http_message}}" ]
}

然后,结果将包含两个字段:http_type 和 http_message。