  • logstash 删除message host字段

    [elk@node01 conf]$ cat t3.conf 
    # Receive syslog traffic and print every decoded event to the console.
    input {
      syslog {
        # 514 is a privileged port (< 1024): a Logstash process started by an
        # unprivileged account normally cannot bind it without an extra
        # capability or a port redirect in front of it.
        # NOTE(review): no `host` option is set, so the plugin's default bind
        # address applies. Confirm the listener is not reachable from
        # untrusted networks; plain syslog has no authentication or encryption.
        port => "514"
      }
    }

    output {
      stdout {
        # rubydebug pretty-prints the full event, one field per line.
        codec => rubydebug
      }
    }
    [elk@node01 conf]$ cat t4.conf 
    # Read lines from stdin, copy the first IP address or hostname found in
    # each line into the field "xxxx", and print the resulting event.
    input {
      stdin {}
    }

    filter {
      grok {
        # The pattern is unanchored, so it matches anywhere in the line.
        # When nothing matches, grok tags the event "_grokparsefailure"
        # and adds no "xxxx" field.
        match => ["message", "%{IPORHOST:xxxx}"]
      }
    }

    output {
      stdout {
        codec => rubydebug
      }
    }
    [elk@node01 conf]$ logstash -f t4.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    192.168.137.1
    {
           "message" => "192.168.137.1",
          "@version" => "1",
        "@timestamp" => "2018-04-07T03:03:55.366Z",
              "host" => "node01",
              "xxxx" => "192.168.137.1"
    }
    
    [elk@node01 conf]$ 
    [elk@node01 conf]$ cat t4.conf 
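    # Read lines from stdin, extract an IP address or hostname into "xxxx",
    # then drop the raw "message" field once it has been parsed.
    input {
      stdin {}
    }

    filter {
      grok {
        # On a failed match grok tags the event "_grokparsefailure" and adds
        # no "xxxx" field.
        match => ["message", "%{IPORHOST:xxxx}"]
      }

      # Remove the raw line only when grok succeeded. An unconditional
      # remove_field would also strip "message" from events that failed to
      # parse, leaving nothing but metadata and making the original log line
      # unrecoverable for troubleshooting or investigation.
      if "_grokparsefailure" not in [tags] {
        mutate {
          remove_field => ["message"]
        }
      }
    }

    output {
      stdout {
        codec => rubydebug
      }
    }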
    [elk@node01 conf]$ logstash -f t4.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    192.168.137.1
    {
          "@version" => "1",
        "@timestamp" => "2018-04-07T03:07:02.258Z",
              "host" => "node01",
              "xxxx" => "192.168.137.1"
    }
    
    
    
    [elk@node01 conf]$ cat t4.conf 
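    # Read lines from stdin, extract an IP address or hostname into "xxxx",
    # then drop the "message" and "host" fields from successfully parsed events.
    input {
      stdin {}
    }

    filter {
      grok {
        # On a failed match grok tags the event "_grokparsefailure" and adds
        # no "xxxx" field.
        match => ["message", "%{IPORHOST:xxxx}"]
      }

      # Only strip fields after a successful parse; otherwise an unparsed
      # event would lose its raw line and keep no usable content.
      if "_grokparsefailure" not in [tags] {
        mutate {
          # A single array replaces the two repeated remove_field settings.
          # "host" records which machine produced the event ("node01" in the
          # stdin demo). Removing it from network-sourced logs discards the
          # sender identity, so keep it wherever events must stay attributable.
          remove_field => ["message", "host"]
        }
      }
    }

    output {
      stdout {
        codec => rubydebug
      }
    }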
    [elk@node01 conf]$ logstash -f t4.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    192.168.137.1
    {
          "@version" => "1",
        "@timestamp" => "2018-04-07T03:08:35.546Z",
              "xxxx" => "192.168.137.1"
    }

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349209.html