我希望将通过curl触发的http输入(JSON)解析并保存在elasticsearch中。输入将是这样的:-
卷曲http://localhost:8080 -d {“ applicationname”:“ app2”,“ timestamp”:“ 07/06/2019 12:40:40”,“ errormsg”:“第1行错误”
我想解析每个JSON密钥(应用程序名称,时间戳记,错误消息),并基于应用程序名称和时间戳记创建索引。
下面是我正在使用的logstash.conf文件。
input {
http {
host => "localhost"
port => "8080"
codec => json
}
}
filter {
json {
source => "message"
target => "parsedJson"
}
mutate {
add_field => {
"appname" => "%{[parsedJson][applicationname]}"
"tst" => "%{[parsedJson][timestamp]}"
"msg" => "%{[parsedJson][errormsg]}"
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "%{[appname]}-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}
在解析此JSON输入时需要帮助。我在logstash中收到以下输出:
{
"tst" => "%{[parsedJson][timestamp]}",
"msg" => "%{[parsedJson][errormsg]}",
"tags" => [
[0] "_jsonparsefailure"
],
"@timestamp" => 2019-06-08T11:21:21.607Z,
"appname" => "%{[parsedJson][application]}",
"message" => "'{applicationname:app2,timestamp:07/06/2019 12:40:40,errormsg:Error at line 1}'",
"headers" => {
"request_path" => "/",
"http_user_agent" => "curl/7.55.1",
"content_type" => "application/x-www-form-urlencoded",
"http_host" => "localhost:8080",
"content_length" => "79",
"http_accept" => "*/*",
"request_method" => "POST",
"http_version" => "HTTP/1.1"
},
"@version" => "1",
"host" => "127.0.0.1"
}
预期输出为:
appname:app2 tst:07/06/2019 12:40:40 msg:第1行出现错误
应在Elasticsearch中使用“ appname-tst”创建索引。