我有一些类似的数据:
{“ @ timestamp”:“ 2019-02-26T05:12:30.090 + 00:00”,“ @ version”:“ 1”,“ message”:“ \ n ========== =======> \ n请求 详细信息:\ n [requestId:abc118f2-qqff-10bb-a900-33cc9b88e333] \ n [requestMethod = GET] \ n [requestUrl = http://test.api.tmp.com/rawQuantities] \ n [requestHeaders = {testing-id = Root = abc-123-xyz,x-forwarded-proto = https, host = test.api.tmp.com,x-forwarded-port = 443, content-type =应用程序/ json,x-forwarded-for = xx.xx.xx.xx, accept-encoding = gzip,放气,accept = application / json, user-agent = Apache-HttpClient / 4.5.2 (Java / 1.8.0_181)}] \ n [requestBodySize:0] \ n <===============> \ n ... }
IP为:x-forwarded-for=xx.xx.xx.xx
我只想过滤掉所有唯一的IP。
我尝试了一些组合,例如:
index=api_dev sourcetype="test-api" message="*" | spath output=field path=_raw.requestDetails.x-forwarded-for
index=api_dev sourcetype="test-api" message=x-forwarded-for*
答案 0 :(得分:0)
您可以按以下方式过滤掉它:
index=test_dev sourcetype="test-api" | rex field=message "x-forwarded-for=(?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | search test_ip="*"