如何在 logstash 中处理 json
How to process json in logstash
我是 ELK Stack 的新手,所以请原谅我的基本问题。我想要实现的是使 "message" 字段成为 json 对象,以便我可以在 kibana 中对其进行过滤。当前消息如下所示:
{
"_index": "logstash-2017.01.16",
"_type": "logs",
"_id": "AVmpCcSiEWIcXZql",
"_score": null,
"_source": {
"@timestamp": "2017-01-16T20:48:26.688Z",
"port": 50018,
"@version": "1",
"host": "xxx.xx.x.xx",
"message": "{\"@timestamp\":\"2017-01-16T20:48:26.642Z\",\"message\":\"\",\"tags\":[\"routing\"],\"source\":\"81caea3a2960/node /usr/src/app/src\",\"level\":\"info\",\"name\":\"apiservice-app\",\"server\":\"apiservice-app\",\"application\":\"apiservice-app\",\"port\":8080,\"hostname\":\"81caea3a2960\",\"pid\":16,\"req\":{\"method\":\"GET\",\"url\":\"/twitter/local/lists\",\"headers\":{\"host\":\"xxx.xx.x.xx:8080\",\"connection\":\"close\"},\"body\":{},\"hostname\":\"xxx.xx.x.xx\",\"ip\":\"::ffff:xxx.xx.x.xx\",\"originalUrl\":\"/twitter/local/lists\",\"params\":{},\"path\":\"/twitter/local/lists\",\"query\":{}},\"src\":{\"file\":\"/usr/src/app/src/libs/logstash.js\",\"line\":68}"}",
"tags": []
},
"fields": {
"@timestamp": [
1484599706688
]
},
"sort": [
1484599706688
]
}
我的 logstash.conf 文件看起来像这样
input {
tcp {
port => 5000
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
}
}
日志由 node.js 应用程序中的 buyan 记录器生成:
'use strict';
const bunyan = require('bunyan');
const bunyantcp = require('bunyan-logstash-tcp');
let log = bunyan.createLogger({
src: true,
name: app.get('host'),
server: app.get('host'),
application: app.get('host'),
port: app.get('port'),
tags: ['routing'],
streams: [{
level: 'info',
type: "raw",
stream: process.stdout
},{
level: 'info',
type: "raw",
stream: bunyantcp.createStream({
host: serviceLogstashSettings.address,
port: serviceLogstashSettings.port
})
}],
level: 'debug'
});
我需要在 logstash 中安装哪些插件?我的 logstash.conf 文件需要如何查看才能将 "message" 字段更改为 json 字段?
这是一个好的开始。现在您需要做的就是在 tcp 输入中使用 json 编解码器将传入数据解析为 JSON,如下所示:
input {
tcp {
port => 5000
codec => `json`
}
}
我是 ELK Stack 的新手,所以请原谅我的基本问题。我想要实现的是使 "message" 字段成为 json 对象,以便我可以在 kibana 中对其进行过滤。当前消息如下所示:
{
"_index": "logstash-2017.01.16",
"_type": "logs",
"_id": "AVmpCcSiEWIcXZql",
"_score": null,
"_source": {
"@timestamp": "2017-01-16T20:48:26.688Z",
"port": 50018,
"@version": "1",
"host": "xxx.xx.x.xx",
"message": "{\"@timestamp\":\"2017-01-16T20:48:26.642Z\",\"message\":\"\",\"tags\":[\"routing\"],\"source\":\"81caea3a2960/node /usr/src/app/src\",\"level\":\"info\",\"name\":\"apiservice-app\",\"server\":\"apiservice-app\",\"application\":\"apiservice-app\",\"port\":8080,\"hostname\":\"81caea3a2960\",\"pid\":16,\"req\":{\"method\":\"GET\",\"url\":\"/twitter/local/lists\",\"headers\":{\"host\":\"xxx.xx.x.xx:8080\",\"connection\":\"close\"},\"body\":{},\"hostname\":\"xxx.xx.x.xx\",\"ip\":\"::ffff:xxx.xx.x.xx\",\"originalUrl\":\"/twitter/local/lists\",\"params\":{},\"path\":\"/twitter/local/lists\",\"query\":{}},\"src\":{\"file\":\"/usr/src/app/src/libs/logstash.js\",\"line\":68}"}",
"tags": []
},
"fields": {
"@timestamp": [
1484599706688
]
},
"sort": [
1484599706688
]
}
我的 logstash.conf 文件看起来像这样
input {
tcp {
port => 5000
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
}
}
日志由 node.js 应用程序中的 buyan 记录器生成:
'use strict';
const bunyan = require('bunyan');
const bunyantcp = require('bunyan-logstash-tcp');
let log = bunyan.createLogger({
src: true,
name: app.get('host'),
server: app.get('host'),
application: app.get('host'),
port: app.get('port'),
tags: ['routing'],
streams: [{
level: 'info',
type: "raw",
stream: process.stdout
},{
level: 'info',
type: "raw",
stream: bunyantcp.createStream({
host: serviceLogstashSettings.address,
port: serviceLogstashSettings.port
})
}],
level: 'debug'
});
我需要在 logstash 中安装哪些插件?我的 logstash.conf 文件需要如何查看才能将 "message" 字段更改为 json 字段?
这是一个好的开始。现在您需要做的就是在 tcp 输入中使用 json 编解码器将传入数据解析为 JSON,如下所示:
input {
tcp {
port => 5000
codec => `json`
}
}