zoukankan html css js c++ java

tag_on_failure => [] # prevent default _grokparsefailure tag on real records

[elk@zjtest7-frontend config]$ cat stdin04.conf 
input {
    stdin {
    }
}
filter {
  # drop sleep events
  grok {
    match => { "message" => "SELECT SLEEP" }
    add_tag => [ "sleep_drop" ]
#    tag_on_failure => [] # prevent default _grokparsefailure tag on real records
  }
  if "sleep_drop" in [tags] {
    drop {}
  }
}

output {
 stdout {
  codec=>rubydebug{}
   }
 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf 
Settings: Default pipeline workers: 1
Pipeline main started
SELECT SLEEP
SELECT SLEEP1
ddd
{
       "message" => "ddd",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:36:14.172Z",
          "host" => "0.0.0.0",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
SELECT SLEEPtetwet
ffsf
{
       "message" => "ffsf",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:36:31.788Z",
          "host" => "0.0.0.0",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}

/***********************
[elk@zjtest7-frontend config]$ cat stdin04.conf 
input {
    stdin {
    }
}
filter {
  # drop sleep events
  grok {
    match => { "message" => "SELECT SLEEP" }
    add_tag => [ "sleep_drop" ]
    tag_on_failure => [] # prevent default _grokparsefailure tag on real records
  }
  if "sleep_drop" in [tags] {
    drop {}
  }
}

output {
 stdout {
  codec=>rubydebug{}
   }
 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf 
Settings: Default pipeline workers: 1
Pipeline main started
SELECT SLEEP
SELECT SLEEP4242
ffs
{
       "message" => "ffs",
      "@version" => "1",
    "@timestamp" => "2016-09-15T04:37:57.356Z",
          "host" => "0.0.0.0"
}

查看全文

相关阅读:
悟透JavaScript（理解js面向对象)(转)
spark相关问题
 hive常见问题以及解析
 visual studio code添加leetcode插件
 阿里云oss的使用
 Poi工具类快速生成Ecxel(升级版)
linux实现增量拷贝数据，代替scp
nginx实现均衡负载
 idea 程序包不存在解决办法
 通过word文件模板生成word文件

原文地址：https://www.cnblogs.com/zhaoyangjian724/p/6199205.html