  • grok 添加字段

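    filter {
        # Parse an nginx-style access log line. The two patterns are tried in
        # order: the first matches requests that carry a query string and
        # swallows it with "\?.*" (so "request" holds only the path); the
        # second matches requests without a query string.
        # NOTE(review): the published listing had lost its backslashes and had
        # the (?<http_referer>...) capture split across lines. The \[ \] \" \S
        # \s and \? escapes below are reconstructed -- verify them against the
        # real log format before use.
        # The patterns are not anchored at the end of the line, so if
        # X-Forwarded-For holds a comma-separated list only its first entry is
        # captured in http_x_forwarded_for.
        # Lines that match neither pattern are tagged _grokparsefailure and
        # carry none of these fields; keep and review those events.
        grok {
            match => [
                "message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
                "message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"
            ]
        }

        # Geolocate the address taken from X-Forwarded-For and store the result
        # under [geoip].
        # X-Forwarded-For is a request header: unless a trusted reverse proxy
        # overwrites it, the client chooses its value, so the location derived
        # here is only as reliable as that header. "clientip" (the peer address
        # the server logged) is kept on the event for comparison.
        # When the log shows "-" the grok alternation captures nothing, so
        # http_x_forwarded_for is absent on that event.
        geoip {
            source   => "http_x_forwarded_for"
            target   => "geoip"
            database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
            # Two add_field entries on the same key build a two-element array:
            # longitude first, then latitude.
            add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
            add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
        }

        # The sprintf references above yield strings; convert them to floats.
        mutate {
            convert => [ "[geoip][coordinates]", "float" ]
        }
    }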
    
    
    
    /*******************
    
    zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat geoip.conf
    # Minimal test pipeline: every line typed on stdin becomes one event.
    input {
      stdin { }
    }

    # The whole line is used as the address to look up, so type a bare IP.
    filter {
      geoip {
        source => "message"
      }
    }

    # Pretty-print each event to the console so the geoip fields can be inspected.
    output {
      stdout {
        codec => rubydebug { }
      }
    }
    
    
    zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f geoip.conf
    Settings: Default pipeline workers: 1
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2016-09-11T02:54:11.116Z",
              "host" => "0.0.0.0",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ]
        }
    }
    
    
    /*******************添加字段
    zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat geoip.conf
    # Same stdin test pipeline as before, now with one extra field added.
    input {
      stdin { }
    }

    filter {
      geoip {
        source => "message"
        # Copy element 0 of [geoip][location] (the longitude in the sample
        # output below) into a new field, [geoip][scantest].
        add_field => [ "[geoip][scantest]", "%{[geoip][location][0]}" ]
      }
    }

    # Pretty-print each event so the new field is visible on the console.
    output {
      stdout {
        codec => rubydebug { }
      }
    }
    
    zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f geoip.conf
    Settings: Default pipeline workers: 1
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2016-09-11T02:57:07.832Z",
              "host" => "0.0.0.0",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ],
                  "scantest" => 105.0
        }
    }
    

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13350283.html