作者:lylmwt | 来源:互联网 | 2023-10-10 21:29
logstash 处理 '[20201212 08:08:08.888][RROR][example][rce]' 数据
[elk@node2 conf]$ cat logstash04.conf
input {
  # Tail a single local file and label every event it yields with type "system".
  # start_position is not set, so the file input uses its default ("end"):
  # lines already in the file when Logstash first sees it are not read, and
  # the sincedb remembers the read offset across restarts.
  file {
    path => ["/home/elk/conf/test.txt"]
    type => "system"
  }
}
filter {
  # Copy the event type and the raw line into a new field, "newmessage",
  # formatted as "<type>=<message>". The original message field is left intact.
  # Hash form of add_field, same as the date filter further down in this file.
  mutate {
    add_field => { "newmessage" => "%{type}=%{message}" }
  }
}
filter {
grok {
match => ["message", ".*?\[(?
}
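date {
  # Parse the "time" field and store the result in @timestamp (the default target).
  # Joda-Time pattern letters are case-sensitive: MM is month-of-year and mm is
  # minute-of-hour, so the date part has to be yyyyMMdd to read a value such as
  # "20201212 08:08:08.888". With "yyyymmdd" the month is never parsed.
  # No timezone option is set, so the value is interpreted in the Logstash
  # host's default zone; confirm that this matches the log producer before
  # correlating these events with other sources.
  match => ["time", "yyyyMMdd HH:mm:ss.SSS"]
  # add_field and add_tag are applied only when the parse succeeds; on failure
  # the event is tagged _dateparsefailure instead.
  # NOTE(review): %{syslog_timestamp} and %{str} must be fields created earlier
  # in the pipeline (the grok pattern is not fully visible here). A reference
  # that does not resolve stays in the output as literal text. Both values come
  # from log content, so the set of tags is unbounded; confirm this is intended.
  add_field => { 'zjzc' => "helloworld ,from %{syslog_timestamp}" }
  add_tag => ["foo_%{str}", "tdd_%{syslog_timestamp}"]
}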
}
{
"m