# Two runs of the same stdin -> stdout test pipeline. The only difference
# between the two configs is whether grok's "tag_on_failure => []" line is
# commented out (run 1) or active (run 2).
[elk@zjtest7-frontend config]$ cat stdin04.conf
input {
  stdin { }
}
filter {
  # drop sleep events
  # grok is used here purely as a match test: the pattern is the literal text
  # "SELECT SLEEP" with no %{...} captures, so no fields are extracted.
  # The pattern is an unanchored, case-sensitive regex, so any message that
  # contains "SELECT SLEEP" anywhere matches (see "SELECT SLEEP1" and
  # "SELECT SLEEPtetwet" in the run below, which are dropped too).
  grok {
    match => { "message" => "SELECT SLEEP" }
    # add_tag is applied only when the match succeeds.
    add_tag => [ "sleep_drop" ]
    # tag_on_failure => [] # prevent default _grokparsefailure tag on real records
    # With the line above commented out, grok's default tag_on_failure applies
    # and every event that does NOT match is tagged _grokparsefailure.
  }
  # NOTE(review): drop {} discards the event for good; no output ever sees it.
  # If this filter is applied to database query logs, SLEEP() calls are also
  # what time-based SQL injection probing looks like in those logs, so a
  # substring drop this broad removes that evidence as well. Tagging and
  # routing the event to a separate output, or narrowing the match to the
  # known benign statement, keeps the noise reduction without the blind spot.
  if "sleep_drop" in [tags] {
    drop {}
  }
}
output {
  stdout {
    codec=>rubydebug{}
  }
}
# Run 1: the three typed lines containing "SELECT SLEEP" produce no output
# (dropped); "ddd" and "ffsf" pass through and carry the _grokparsefailure tag.
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf
Settings: Default pipeline workers: 1
Pipeline main started
SELECT SLEEP
SELECT SLEEP1
ddd
{
       "message" => "ddd",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:36:14.172Z",
          "host" => "0.0.0.0",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
SELECT SLEEPtetwet
ffsf
{
       "message" => "ffsf",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:36:31.788Z",
          "host" => "0.0.0.0",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
/***********************
# Same config with tag_on_failure => [] now active.
[elk@zjtest7-frontend config]$ cat stdin04.conf
input {
  stdin { }
}
filter {
  # drop sleep events
  grok {
    match => { "message" => "SELECT SLEEP" }
    add_tag => [ "sleep_drop" ]
    # An empty tag_on_failure list means a non-matching event gets no failure
    # tag at all. That is what is wanted here because grok is only a match
    # test; in a pipeline where grok actually parses fields, the same setting
    # would also hide genuine parse failures.
    tag_on_failure => [] # prevent default _grokparsefailure tag on real records
  }
  # NOTE(review): a plain conditional such as
  #   if [message] =~ /SELECT SLEEP/ { drop {} }
  # expresses the same test without grok, the helper tag, or tag_on_failure.
  # The caveat about silently dropping SLEEP() statements from query logs
  # applies to either form.
  if "sleep_drop" in [tags] {
    drop {}
  }
}
output {
  stdout {
    codec=>rubydebug{}
  }
}
# Run 2: matching lines are still dropped; "ffs" passes through and the event
# now has no "tags" field at all.
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf
Settings: Default pipeline workers: 1
Pipeline main started
SELECT SLEEP
SELECT SLEEP4242
ffs
{
       "message" => "ffs",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:37:57.356Z",
          "host" => "0.0.0.0"
}