zoukankan html css js c++ java

logstash 删除message host字段

[elk@node01 conf]$ cat t3.conf 
input {
  syslog {
   port=>"514"
   }
}

output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
       "message" => "192.168.137.1",
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:03:55.366Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}

[elk@node01 conf]$ 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:07:02.258Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}



[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
  remove_field =>["host"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:08:35.546Z",
          "xxxx" => "192.168.137.1"
}

查看全文

相关阅读:
SQL中利用脚本恢复数据库
 SQL中如何检查死锁
 三个有用的SQL辅助工具
 企业报销系统完整设计方案（三）
企业报销系统完整设计方案(二）
企业报销系统完整设计方案
 Crystal Report在.net中的两种显示方式
 cacti 流量图合并
 Centos 7 配置邮件发送
 Centos 7 Ntop 流量分析安装

原文地址：https://www.cnblogs.com/hzcya1995/p/13349209.html