我有一个用于日志分析的ELK(v5.2.1)集群。我的索引有许多日志消息,一些消息包含有关结果代码的字符串。消息是这样的:
2017-03-28 20:35:14,518 [http-bio-8173-exec-3] INFO [soap] Outbound Message
ID: 2910
Response-Code: 200
Encoding: ISO-8859-1
Content-Type: application/soap+xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope"/><soap:Body><syn:getActiveUserResponse xmlns:ns2="http://somecompany.com" xmlns:ns3="http://ws.myserver.com/unibssHead" xmlns:ns4="http://ws.myserver.com/InternationUser/anyappBody/syncRoamingTrafficInfoReq" xmlns:ns5="http://ws.myserver.com/InternationUser/anyappBody" xmlns:ns6="http://ws.myserver.com/unibssAttached" xmlns:ns7="http://ws.myserver.com/InternationUser/anyappBody/syncRoamingTrafficInfoRsp" xmlns:syn="http://somecompany.com"><Result>2012</Result><Description>Something wrong</Description><TransactionID>a0431</TransactionID><Count>0</Count></syn:getActiveUserResponse></soap:Body></soap:Envelope>
我尝试从邮件中提取<Result>和</Result>之间的数字,并计算某段时间内的金额。任何人都可以分享如何做到这一点?我知道一些基本的问题,比如&#39;匹配&#39;,&#39;术语&#39;,&#39; aggs&#39;只要。提前谢谢!