I'm new to Logstash, and I'm using Logstash to parse JSON lines like the following:
{"timestamp":"1970-01-01T08:00:11.328750+0800","flow_id":666385651532846,"pcap_cnt":19,"event_type":"dns","src_ip":"10.0.2.28","src_port":62793,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52369,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0}}
I'm using my configuration here, but nothing is displayed:
input {
  file {
    type => "json"
    path => "/home/sfrogit96/Documents/ELK/logstash-6.3.1/bin/test.json"
    start_position => "beginning"
  }
}
filter {
  json {
    source => "message"
    target => "message"
  }
}
output { stdout { codec => rubydebug }}