Logstash按嵌套字段过滤

时间:2016-12-29 10:41:08

标签: filter logstash grok

我发出一个REST请求,返回的数据格式如下:

{
  "data": [
    {
      "loggerName": "org.mule.processor.SedaStageLifecycleManager",
      "threadName": "qtp1351031503-37",
      "timestamp": 1482827683939,
      "message": "Initialising service: post:/technicalSectors:application/json:wms-system-api-config.stage1",
      "priority": "INFO",
      "instanceId": "586226ece4b0543a6e70ce4b-0"
    },
    {
      "loggerName": "org.mule.construct.FlowConstructLifecycleManager",
      "threadName": "qtp1351031503-37",
      "timestamp": 1482827683940,
      "message": "Initialising flow: post:/operationOrder:application/json:wms-system-api-config",
      "priority": "INFO",
      "instanceId": "586226ece4b0543a6e70ce4b-0"
    },
    {
      "loggerName": "org.mule.exception.DefaultMessagingExceptionStrategy",
      "threadName": "qtp1351031503-37",
      "timestamp": 1482827683940,
      "message": "Initialising exception listener: org.mule.exception.DefaultMessagingExceptionStrategy@4f2dec20",
      "priority": "INFO",
      "instanceId": "586226ece4b0543a6e70ce4b-0"
    },
    {
      "loggerName": "org.mule.processor.SedaStageLifecycleManager",
      "threadName": "qtp1351031503-37",
      "timestamp": 1482827683946,
      "message": "Initialising service: post:/operationOrder:application/json:wms-system-api-config.stage1",
      "priority": "INFO",
      "instanceId": "586226ece4b0543a6e70ce4b-0"
    }
} 

我有以下logstash输入文件,使用http-poller-plugin:

# Poll a REST endpoint with the http_poller input and feed each response into the pipeline.
input {
  http_poller {
    urls => {
      logs => {
          method  => "GET"
          url     => "some_url"
          headers => {
              # NOTE(review): placeholder bearer token. In a real pipeline do not
              # hard-code the credential in this file; reference it as ${VAR}
              # resolved from the environment or the Logstash keystore, and
              # restrict read access to the config file.
              Authorization => "bearer abcdefg"
              "X-ANYPNT-ENV-ID" => "idXYZ"
          }
      }
    }
    # Per-request timeout, in seconds.
    request_timeout => 60
    # Supports "cron", "every", "at" and "in" schedules by rufus scheduler
    schedule => { every => "5s"}
    # A hash of request metadata info (timing, response headers, etc.) will be sent here
    #metadata_target => "http_poller_metadata"
  }
}

# Break the "data" array of the response into separate events, one per element.
filter {
  split {
    # After the split each event carries a single log record as a hash under
    # "data", so its fields are addressed as [data][<field name>].
    field => "data"
  }
}

# Print every event to stdout in rubydebug form; nothing is filtered by priority here.
output {
  stdout {
    codec => rubydebug
  }
}

输出结果如下:

{
         "total" => 150,
    "@timestamp" => 2016-12-29T10:31:15.893Z,
          "data" => {
        "instanceId" => "586226ece4b0543a6e70ce4b-0",
        "loggerName" => "org.mule.module.apikit.MappingExceptionListener",
           "message" => "\n********************************************************************************\nMessage               : Authentication Attempt Failed.\nElement               : /wms-experience-api-main/processors/1 @ wms-service-api:null:null\n--------------------------------------------------------------------------------\nException stack is:\nAuthentication Attempt Failed. (org.mule.api.security.UnauthorisedException)\n  org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:150)\n  org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)\n  org.mule.module.spring.security.SpringProviderAdapter.authenticate(SpringProviderAdapter.java:66)\n  org.mule.security.MuleSecurityManager.authenticate(MuleSecurityManager.java:85)\n  org.mule.transport.http.filters.HttpBasicAuthenticationFilter.authenticateInbound(HttpBasicAuthenticationFilter.java:130)\n  (101 more...)\n\n  (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)\n********************************************************************************\n",
          "priority" => "ERROR",
        "threadName" => "[wms-service-api].wms-service-api-httpListenerConfig.worker.06",
         "timestamp" => 1482846793688
    },
      "@version" => "1",
          "tags" => []
}
{
         "total" => 150,
    "@timestamp" => 2016-12-29T10:31:15.893Z,
          "data" => {
        "instanceId" => "586226ece4b0543a6e70ce4b-0",
        "loggerName" => "EXIT",
           "message" => "service=\"wms-system-api\", loggingStatus=\"Exit\", uri=\"/1.0/wms-experience-api/technicalSectors\", method=\"POST\", status=\"401\"",
          "priority" => "INFO",
        "threadName" => "[wms-service-api].wms-service-api-httpListenerConfig.worker.06",
         "timestamp" => 1482846793689
    },
      "@version" => "1",
          "tags" => []
}
{
         "total" => 150,
    "@timestamp" => 2016-12-29T10:31:15.893Z,
          "data" => {
        "instanceId" => "586226ece4b0543a6e70ce4b-0",
        "loggerName" => "ENTER",
           "message" => "service=\"wms-experience-api\", loggingStatus=\"Enter\", uri=\"/1.0/wms-experience-api/technicalSectors\", method=\"POST\"",
          "priority" => "INFO",
        "threadName" => "[wms-service-api].wms-service-api-httpListenerConfig.worker.06",
         "timestamp" => 1482846931923
    },
      "@version" => "1",
          "tags" => []
}

我需要的是仅在某个字段满足条件时才输出数据,例如 priority 等于 ERROR。

到目前为止,我的尝试都没有成功。有人能帮忙吗?

1 个答案:

答案 0 :(得分:2)

已经找到解决办法了:经过 split 之后,每个事件的 data 字段只包含一条日志记录,因此可以在 output 中用嵌套字段引用 [data][priority] 做条件判断:

# Emit an event to stdout only when its nested priority field is exactly "ERROR".
output {
  # [data][priority] is a nested field reference: key "priority" inside the "data" hash.
  # The comparison is an exact string match; events with any other priority are
  # simply not written by this output.
  # NOTE(review): in the sample output on this page the status="401" EXIT record
  # is logged at INFO, so this condition does not pass it; only the ERROR-level
  # "Authentication Attempt Failed" record is printed. Match on the message as
  # well if failed requests logged at INFO must also be surfaced.
  if [data][priority] == "ERROR" {
    stdout {
      codec => rubydebug
    }
  }
}