当尝试使用Logstash解析JSON数据时,解析似乎失败,并且我的JSON没有按预期发送给ES。任何建议都很好。尝试记录失败的Wordpress登录,但是对JSON的解析没有运气。
当前在FreeBSD 11上使用Logstash 6.4.2。
示例日志文件。文件除了此数据外别无其他。
{
"username": "billy",
"password": "gfdgdfdfg4",
"time": "2019-02-03 00:39:11",
"agent": "Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko\/20100101 Firefox\/62.0",
"ip": "11.11.11.11"
}
模板
{
"index_patterns": ["wpbadlogin*"],
"settings": {
"number_of_shards": 1,
"number_of_replicas" : 0,
"index.refresh_interval": "60s"
},
"mappings": {
"_default_": {
"properties": {
"host": {
"type": "text"
},
"username": {
"type": "text"
},
"password": {
"type": "text"
},
"agent": {
"type": "text"
},
"ip": {
"type": "ip"
}
},
"_all": {
"enabled": false
}
}
}
}
Logstash配置
input {
file {
type => "json"
codec => "json"
sincedb_path => "/dev/null"
path => "/var/log/lighttpd/badlogin.txt"
start_position => "beginning"#
tags => ["wpbadlogin"]
}
}
#filter { }
output {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => ["10.0.5.30:9200"]
template => "/usr/local/etc/logstash/templates/wpbadlogin.json"
template_name => "wpbadlogin"
template_overwrite => true
index => "wpbadlogin"
}
}