zjtest7-frontend:/usr/local/logstash-2.3.4/bin# ./logstash -e 'input{stdin{}} output{stdout{codec=>rubydebug}}'
Settings: Default pipeline workers: 1
Pipeline main started
Hello World
{
"message" => "Hello World",
"@version" => "1",
"@timestamp" => "2016-08-25T02:19:18.694Z",
"host" => "0.0.0.0"
}
Logstash会给事件添加一些额外的信息。最重要的就是 @timestamp ,用来标记事件的发生时间。
{
"message" => " www.zjcap.cn 10.168.29.17 10.171.246.184 [25/Aug/2016:10:30:12 +0800] "GET
/resources/images/index/milestone/milestone_18.jpg HTTP/1.1" - 200 30049 "https://www.zjcap.cn/" "Mozilla/5.0
(Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 0.001 -",
"@version" => "1",
"@timestamp" => "2016-08-25T02:30:13.679Z",
"path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-08-25",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_frontend_access",
"tags" => [
[0] "_grokparsefailure"
]
}
host 标记事件发生在哪里
type 标记事件的唯一类型