我成功地能够为logstash集成JMX插件。现在,我正在尝试可视化JMX数据。
为此,我尝试将自定义字段添加到已解析的jmx数据中。
示例:
input{
beats{
port => 27080
congestion_threshold => 1500
}
jmx {
path => "file://Machine01/Users/username/projects/Logstash/logstash/bin/jmx"
polling_frequency => 15
type => "jmx"
nb_thread => 4
}
}
filter {
if [type] == "Type1"{
grok{
break_on_match => false
patterns_dir => ["C:\Users\users\projects\Logstash\logstash\bin\patterns"]
match => { "message" => "%{YEAR:Year}%{MONTHNUM:Month}%{MONTHDAY:Day} %{HOUR:Hour}%{MINUTE:Minute}%{SECOND:Second} %{LogLevel:LogVerbosity} %{MODULE:MODULENAME}%{SPACE}%{MESSAGEID:MESSAGEID} %{SUBMODULE:SUBMODULE} %{MESSAGE:MESSAGE}"}
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
add_tag => ["Groked"]
}
if "_grokparsefailure" in [tags] {
drop { }
}
if [type] == "jmx" {
if ("OperatingSystem.ProcessCpuLoad" in [metric_path] or "OperatingSystem.SystemCpuLoad" in [metric_path]) {
ruby {
code => "event['cpuLoad'] = event['metric_value_number'] * 100"
add_tag => [ "cpuLoad" ]
}
}
}
}
}
output {
if [type] == "jmx" {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "jmx"
}
} else {
elasticsearch {
hosts => ["http://localhost:9200"]
manage_template => true
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
}
但是,在KIbana,它没有显示任何这样新添加的字段,这是我在Kibana获得的数据。
@version:1
@timestamp:May 30th 2016, 18:50:36.622
host:host
path:file://Machine01/Users/username/projects/Logstash/logstash/bin/jmx
type:jmx
metric_path:OperatingSystem.ProcessCpuLoad
metric_value_number:0.003
_id:AVUB0r_4sUXN-4lFtxGq
_type:jmx
_index:jmx _score:
如何更改此项以添加我在过滤器中定义的新字段。
此外,还有更好的方法可视化Kibana上的JMX数据。