我使用以下配置将jenkins日志发送到logstash:
redis {
host => "localhost"
key => "logstash"
data_type => "list"
codec => json
}
这可以像预期的那样顺利,现在我在KIBANA看到了以下消息:
{
"_index": "logstash-2015.12.18",
"_type": "logs",
"_id": "AVG1BN5LXZBIbp7HE4xN",
"_score": null,
"_source": {
"data": {
"id": "965",
"projectName": "NicePJ",
"displayName": "#965",
"fullDisplayName": "NicePJ",
"url": "job/NIcePJ/965/",
"buildHost": "Jenkins",
"buildLabel": "master",
"buildNum": 965,
"buildDuration": 1,
"rootProjectName": "NicePJ",
"rootProjectDisplayName": "#965",
"rootBuildNum": 965,
"buildVariables": {
"target_SUT": "0201",
"report_warnings": "false",
"product": "Ours",
"testsuite": "Exciting_stuff5",
"qft_version": "current",
"target_task": "t324",
"branch": "test",
"testcase": "",
"revision": "HEAD",
"node": "hsqs960",
"client": "Desktop",
"run_specific_test": "false",
"user": "xxxxx"
}
},
"message": [
"A This is a message XYZ"
],
"source": "jenkins",
"source_host": "http://serverXL:8080/",
"@timestamp": "2015-12-18T12:16:02.000Z",
"@version": 1
},
"fields": {
"@timestamp": [
1450440962000
]
},
"sort": [
1450440962000
]
}
现在我想过滤某些消息的消息字段,但我无法让它工作。如何过滤消息字段以及如何访问buildHost字段以在管道中的if语句中使用它?
以下我尝试了很多例子:
if[data][buildHost]== "jenkins"
{
grok
{
match => { "message[0]" => "\[exec\]\s*\<%{GREEDYDATA:test}\s*\[%{GREEDYDATA:result}\]" }
}
}
但这根本不起作用,请帮帮我。
答案 0 :(得分:3)
==比较简单字符串和区分大小写,因此"jenkins"将不匹配,因为您的数据显示("buildHost": "Jenkins",):
if[data][buildHost]== "jenkins"
但是以下是:
if[data][buildHost]== "Jenkins"
如果您需要匹配两者,则可以使用||或正则表达式=~。
grok是一个用正则表达式模式解析消息的过滤器。您可以使用
测试正则表达式模式