我有一个相当简单的问题,但这对我来说很困惑。我正在尝试使用Logstash通过rest api获取Gerrit数据。我正在使用http_poller并且我的配置得到了正确的响应,所以我几乎就在那里。
现在我需要从Gerrits JSON响应的开头剥离XSSI前缀 )]}' 。问题是,怎么样?如何剥离或拆分或改变它,或者我该如何进行?
我的输入配置:
input {
http_poller {
urls => {
gerrit_projects => {
method => get
url => "http://url.to/gerrit/a/projects/"
headers => { Accept => "application/json" }
auth => { user => "userid" password => "supresecret" }
}
}
target => "http_poller_data"
metadata_target => "http_poller_metadata"
request_timeout => 60
interval => 60
}
}
filter {
if [http_poller_metadata] {
mutate {
add_field => {
"http_poller_host" => "%{http_poller_metadata[host]}"
"http_poller" => "%{http_poller_metadata[name]}"
}
}
}
if [http_poller_metadata][runtime_seconds] and [http_poller_metadata][runtime_seconds] > 0.5 {
mutate { add_tag => "slow_request" }
}
if [http_request_failure] or [http_poller_metadata][code] != 200 {
mutate { add_tag => "bad_request" }
}
}
output {
stdout { codec => rubydebug }
}
部分回复:
Pipeline main started
JSON parse failure. Falling back to plain-text {:error=>#<LogStash::Json::ParserError: Unexpected character (')' (code 41)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at ... (bunch of lines)...
{
"http_poller_data" => {
"message" => ")]}'\n{\"All-Users\":{\"id\":\"All-Users\",....(more valid JSON)...",
"tags" => [
[0] "_jsonparsefailure"
],
"@version" => "1",
"@timestamp" => "2016-12-13T09:48:25.397Z"
},
"@version" => "1",
"@timestamp" => "2016-12-13T09:48:25.397Z",
"http_poller_metadata" => { ... }
这是我对StackOverflow的第一个问题。感谢您对您的回答表示满意!
答案 0 :(得分:0)
我使用“sed 1d”删除“)]}'”前缀和“jq”来处理JSON输出。例如,要获取Gerrit项目的状态,我执行:
curl -s --header 'Content-Type:application/json' --request GET --netrc https://<GERRIT-SERVER>/a/projects/?r=<GERRIT-PROJECT> | sed 1d | jq --raw-output ".[] | .state"
ACTIVE
答案 1 :(得分:0)
您可以将mutate过滤器与gsub选项(link)一起使用,以删除)]}
mutate {
gsub => [
"message", "\)]}'", ""
]
}
但是gsub会替换正则表达式的所有出现,所以你必须确保该模式只出现一次。