zoukankan html css js c++ java

logstash 删除message host字段

[elk@node01 conf]$ cat t3.conf 
input {
  syslog {
   port=>"514"
   }
}

output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
       "message" => "192.168.137.1",
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:03:55.366Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}

[elk@node01 conf]$ 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:07:02.258Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}



[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
  remove_field =>["host"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:08:35.546Z",
          "xxxx" => "192.168.137.1"
}

查看全文

相关阅读:
进阶之路 | 奇妙的Drawable之旅
 进阶之路 | 奇妙的Animation之旅
 进阶之路 | 奇妙的四大组件之旅
 Laravel
Laravel 入门
 面试：给我说说你平时是如何优化MySQL的？
EXPLAIN 查看 SQL 执行计划
 常见的图文布局
 常见的图文布局
 CSS3 的 filter(滤镜) 属性

原文地址：https://www.cnblogs.com/hzcya1995/p/13349209.html