• logstash date插件


    [elk@dr-mysql01 api-access]$ date
    Wed Nov 30 19:21:35 CST 2016
    [elk@dr-mysql01 api-access]$ 
    
    [elk@dr-mysql01 config]$  ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    12/Sep/2016:21:32:33 +0800
    {
           "message" => "12/Sep/2016:21:32:33 +0800",
          "@version" => "1",
        "@timestamp" => "2016-11-30T11:21:57.442Z",  ##时间为当前系统时间
              "host" => "dr-mysql01.zjcap.com",
           "logdate" => "12/Sep/2016:21:32:33 +0800"
    }
    
    
    [elk@dr-mysql01 config]$  ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    12/Sep/2016:21:32:33 +0800
    {
              "message" => "12/Sep/2016:21:32:33 +0800",
             "@version" => "1",
           "@timestamp" => "2016-09-12T13:32:33.000Z",
                 "host" => "dr-mysql01.zjcap.com",
              "logdate" => "12/Sep/2016:21:32:33 +0800",
        "response_time" => "12/Sep/2016:21:32:33 +0800"
    }
    
    
    
    [elk@dr-mysql01 config]$ cat stdin02.conf 
    input {
        stdin {
        }
    }

    filter {
        # Extract the Apache/HTTPDATE-style timestamp from the line into "logdate".
        grok {
            match => { "message" => "%{HTTPDATE:logdate}" }
        }
        # Replace the ingest-time @timestamp with the event time carried in "logdate".
        # The trailing Z in the pattern consumes the "+0800" offset, so the value is
        # converted to UTC (21:32:33 +0800 -> 13:32:33Z in the run above).
        # add_field is applied only when the parse succeeds, which is why
        # "response_time" shows up next to the converted @timestamp.
        date {
            match => ["logdate", "dd/MMM/yyyy:HH:mm:ss Z"]
            add_field => { "response_time" => "%{logdate}" }
        }
    }

    output {
        stdout {
            codec => rubydebug {}
        }
    }
    
    
    /****************iss日志
    2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45
    
    [elk@dr-mysql01 config]$ cat iss.conf 
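    input {
        stdin {
        }
    }
    filter {
        # Custom pattern for the IIS/W3C-style line shown above. The regex escapes are
        # written with their backslashes (\s, \S); a copy that drops them (s*, s+, S+)
        # matches literal letters instead of whitespace and the line would not parse.
        # NOTE(review): in the default IIS W3C field order the first address is the
        # server (s-ip) and the one after the "-" username is the client (c-ip), so
        # "clientip"/"sourceip" may be swapped here -- confirm against the log's
        # #Fields header before using them for attribution.
        # The trailing .* discards the rest of the line (the "200 0 0 45" status and
        # time-taken tail), so those values are not available downstream.
        grok {
            match => [
                "message", "\s*(?<time>([0-9]{4}-[0-9]{2}-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+-\s+(?<port>([0-9]{2}.*?))\s+-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"
            ]
        }
        # Set @timestamp from the captured "time" field. The pattern has no zone token,
        # so the value is read in the Logstash host's local zone (CST, +0800 on this
        # host): 06:33:33 becomes 2016-11-29T22:33:33Z in the run below. IIS writes
        # W3C log timestamps in UTC by default; if that is the case for this source,
        # add `timezone => "UTC"` here so event times line up with other sources in
        # a timeline.
        date {
            match => ["time", "yyyy-MM-dd HH:mm:ss"]
        }
    }
    output {
        stdout {
            codec => rubydebug
        }
    }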
    
    
    [elk@dr-mysql01 config]$ ../bin/logstash -f iss.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45
    {
                "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
               "@version" => "1",
             "@timestamp" => "2016-11-29T22:33:33.000Z",
                   "host" => "dr-mysql01.zjcap.com",
                   "time" => "2016-11-30 06:33:33",
               "clientip" => "192.168.5.116",
                   "verb" => "GET",
                "request" => "/Hotel/HotelDisplay/cncqcqb230",
                   "port" => "80",
               "sourceip" => "192.168.9.2",
        "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "
    
    
    
    [elk@dr-mysql01 config]$ cat iss.conf 
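    input {
        stdin {
        }
    }
    filter {
        # Same grok pattern as before; regex escapes are written with their backslashes
        # (\s, \S) -- a copy that drops them (s*, s+, S+) would not match the line.
        grok {
            match => [
                "message", "\s*(?<time>([0-9]{4}-[0-9]{2}-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+-\s+(?<port>([0-9]{2}.*?))\s+-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"
            ]
        }
        # Deliberately failing variant: the pattern ends in Z (a zone offset), but the
        # captured value "2016-11-30 06:33:33" carries none, so the parser rejects it
        # as "too short". On failure the event is tagged _dateparsefailure and
        # @timestamp keeps the ingest time, not the event time -- such events land at
        # the wrong place in a timeline, so alert on that tag rather than letting it
        # pass silently. To parse this value, drop the Z and use `timezone` instead.
        date {
            match => ["time", "yyyy-MM-dd HH:mm:ss Z"]
        }
    }
    output {
        stdout {
            codec => rubydebug
        }
    }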
    [elk@dr-mysql01 config]$ ../bin/logstash -f iss.conf 
    Settings: Default pipeline workers: 8
    Pipeline main started
    2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45
    Failed parsing date from field {:field=>"time", :value=>"2016-11-30 06:33:33", :exception=>"Invalid format: "2016-11-30 06:33:33" is too short", :config_parsers=>"yyyy-MM-dd HH:mm:ss Z", :config_locale=>"default=en_US", :level=>:warn}
    {
                "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",
               "@version" => "1",
             "@timestamp" => "2016-11-30T11:28:32.972Z",
                   "host" => "dr-mysql01.zjcap.com",
                   "time" => "2016-11-30 06:33:33",
               "clientip" => "192.168.5.116",
                   "verb" => "GET",
                "request" => "/Hotel/HotelDisplay/cncqcqb230",
                   "port" => "80",
               "sourceip" => "192.168.9.2",
        "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko ",
                   "tags" => [
            [0] "_dateparsefailure"
        ]
    }
    
    
    
    
    
