下面是用logstash编写的代码。我想每隔1分钟通过logstash访问API并将数据发送到elasticsearch
input {
exec {
command => 'bin/true'
tags => "myaccount_test"
schedule => "* * * * *"
}
}
filter {
if "myaccount_test" in [tags] {
ruby { code => "event.set('end', event.get('@timestamp').to_i)" }
ruby { code => "event.set('start', event.get('@timestamp').to_i - 1917)" }
http {
body_format => "json"
follow_redirects => false
body => {
"query" => "SELECT pagename AS ErrorPage, referrer AS GeneratedPage, count(*) AS ErrorTraffic FROM browser_records WHERE appkey = 'AAA-AAB-AUB'"
"start" => "%{start}"
"end" => "%{end}"
}
url => "http://<domainname>:<port>/events/query?limit=200"
verb => "POST"
headers => {
"X-Events-API-AccountName" => "custxxxxx_xxxxxxxxxxxx"
"X-Events-API-Key" => "xxxxxxx-xxxxxxx-xxxx"
"Content-type" => "application/vnd.appd.events+json;v=2"
}
}
}
}
output {
if "myaccount_test" in [tags] {
stdout { codec => json_lines }
}
}
但是我在使用http过滤器时出错(访问/ events / query的错误请求
[2020-08-07T16:15:00,165][ERROR][logstash.filters.http ][main][e70ac31237ba1ca2ac387603953776f0cb06c3aecbd113db0915a1404334ad85] error during HTTP request {:url=>"http://<domainname>:<port>/events/query?limit=200", :code=>400, :response=>"<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n<title>Error 400 Bad Request</title>\n</head>\n<body><h2>HTTP ERROR 400</h2>\n<p>Problem accessing /events/query. Reason:\n<pre> Bad Request</pre></p>\n</body>\n</html>\n"}
{"@timestamp":"2020-08-07T12:15:00.041Z","end":1596802500,"start":1596800583,"message":"","@version":"1","command":"bin/true","host":"hostname","tags":["myaccount_test","_httprequestfailure"]}
下面是我正在尝试访问的http请求示例
POST http://api.example.com/events/query?limit=100 HTTP/1.1
X-Events-API-AccountName:<global_account_name>
X-Events-API-Key:<api_key>
Content-Type: application/vnd.appd.events+json;v=2
Accept: application/vnd.appd.events+json;v=2
[
{
"query": "SELECT * FROM county WHERE population>50000",
"limit": 10,
"start": "2017-02-23T0:0:0Z",
"end": "2017-03-1T0:0:0Z"
},
]
请帮助