Parsing a custom format in Logstash - any suggestions

Time: 2016-03-03 13:34:36

Tags: logstash logstash-grok grok logstash-configuration logstash-forwarder

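I am getting the response in the nginx response field at different times. The response is not fixed. It is a nested type, nested multiple times.

Sometimes it looks like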

{"resp":{\x22code\x22:200,\x22message\x22:\x22success\x22},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}

Other times, the same Field1 may be different - can you suggest what can be done here

{"resp":{\x22code\x22:200,\x22message\x22:\x22success\x22,\x22totalPages\x22:3,\x22data\x22:[{\x22items\x22:[{somedata | :{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}{}]}},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}

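So what can be done in Logstash - when I try to parse with a grok pattern, the nested fields in resp fail with a grok parse failure, and if I try the json filter, it fails because the nested part does not fit. Please let me know.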

1 answer:

Answer 0: (score: -1)

I found that you can parse any custom format using the existing patterns - the following website is helpful when parsing

https://grokdebug.herokuapp.com/patterns#

And to parse, use your pattern and source at the site below

https://grokdebug.herokuapp.com/

Happy parsing..
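
An added example, not part of the answer above and not Logstash's own code: the `\x22` sequences in the question's lines are nginx's default log escaping of `"`, which is why the `resp` object is not valid JSON as logged. The Ruby below (the language of Logstash's `ruby` filter) reverses that escaping and then parses the line. The function names and sample lines are constructed for illustration, and it assumes the response body was logged unquoted, as the samples suggest.

```ruby
require 'json'

# Constructed samples modelled on the question's log lines (not real data).
GOOD = '{"resp":{\x22code\x22:200,\x22message\x22:\x22say \x5C\x22hi\x5C\x22\x22},' \
       '"field7":"some\x22value","field3":0.006,"bytes":68}'
BROKEN = '{"resp":{\x22code\x22:200,\x22data\x22:[{\x22items\x22:[{somedata'

# Undo nginx's default \xHH log escaping so the line becomes valid JSON.
# Assumption: the response body was written unquoted, so it contains no
# literal double quotes; every literal "..." run is an outer string value.
def decode_nginx_escapes(line)
  line.b.gsub(/"[^"]*"|[^"]+/) do |segment|
    in_string = segment.start_with?('"')
    segment.gsub(/\\x(\h\h)/) do
      byte = Regexp.last_match(1).hex
      if in_string && byte < 0x80
        # Inside a string value a raw quote or control byte would break the
        # JSON, so emit a JSON \u escape instead.
        format('\\u%04x', byte)
      else
        # Outside strings this restores the nested object's own syntax;
        # high bytes are restored raw so UTF-8 sequences are reassembled.
        byte.chr
      end
    end
  end.force_encoding(Encoding::UTF_8)
end

# Returns the parsed event, or the raw line tagged the way Logstash's json
# filter tags failures, so bad lines can be routed instead of silently lost.
def parse_access_line(line)
  decoded = decode_nginx_escapes(line)
  raise JSON::ParserError, 'invalid UTF-8 after decoding' unless decoded.valid_encoding?

  JSON.parse(decoded)
rescue JSON::ParserError => e
  { 'message' => line, 'tags' => ['_jsonparsefailure'], 'error' => e.message }
end

puts parse_access_line(GOOD).inspect
puts parse_access_line(BROKEN)['tags'].inspect
```

Lines that are truncated or otherwise malformed, like the second sample in the question, come back tagged with the original text preserved instead of producing a partial event.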