zoukankan html css js c++ java

logstash 删除message host字段

[elk@node01 conf]$ cat t3.conf 
input {
  syslog {
   port=>"514"
   }
}

output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
       "message" => "192.168.137.1",
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:03:55.366Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}

[elk@node01 conf]$ 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:07:02.258Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}



[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
  remove_field =>["host"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:08:35.546Z",
          "xxxx" => "192.168.137.1"
}

查看全文

相关阅读:
1265 四点共面
 1003 阶乘后面0的数量
 1080 两个数的平方和
 1090 3个数和为0
1087 1 10 100 1000
1082 与7无关的数
 OpenLayers工作原理
 CI（持续集成）CD（持续交付）
打包命令
 文件与目录管理重点

原文地址：https://www.cnblogs.com/hzcya1995/p/13349209.html