我的日志是这样的:使用filebeat,logstash和elasticsearch发送json格式的日志到kibana?
{"logId":"57aaf6c8d32fb","clientIp":"127.0.0.1","time":"03:11:29 pm","uniqueSubId":"57aaf6c98963b","channelName":"JSPC","apiVersion":"v1","modulName":null,"actionName":"apiRequest","typeOfError":"","statusCode":"","message":"In Auth","exception":"In Auth","logType":"Info"}
{"logId":"57aaf6c8d32fb","clientIp":"127.0.0.1","time":"03:11:29 pm","uniqueSubId":"57aaf6c987206","channelName":"JSPC","apiVersion":"v2","modulName":null,"actionName":"performV2","typeOfError":"","statusCode":"","message":"in inbox api v2 5","exception":"in inbox api v2 5","logType":"Info"}
我想他们推到kibana
。我使用filebeat将数据发送到logstash,采用以下配置:
filebeat.yml
### Logstash as output
logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# Number of workers per Logstash host.
#worker: 1
现在用下面的配置,我想改变编解码器类型:
input {
beats {
port => 5000
tags => "beats"
codec => "json_lines"
#ssl => true
#ssl_certificate => "/opt/filebeats/logs.example.com.crt"
#ssl_key => "/opt/filebeats/logs.example.com.key"
}
syslog {
type => "syslog"
port => "5514"
}
}
但是,我仍然得到日志字符串格式:
“message”:“{\”logId \“:\”57aaf6c96224b \“,\”clientIp \“:\”127.0.0.1 \“,\”time \“:\”03:11:29 PM \”,\ “CHANNELNAME \”:\ “JSPC \”,\ “apiVersion \”:空,\ “modulName \”:空,\ “actionName \”:\ “404 \”,\ “typeOfError \”: \“EXCEPTION \”,\“statusCode \”:0,\“message \”:\“404页面遇到http: \/\/localjs.com \ /上传\/NonScreenedImages \/profilePic120 \/16 \/29 \ /15997002iicee52ad041fed55e952d4e4e163d5972ii4c41f8845105429abbd11cc184d0e330.jpeg \ “\ ”日志类型\“:\ ”错误\“}”,
请帮助我解决这个问题。
使你在filebeat.yml文件中提到的变化,下面的logstash配置工作:'输入{ 节拍{ 端口=> 5044 } } 滤波器{ 如果[标签] [JSON] { JSON { 源=> “消息” } } } 输出{ elasticsearch { 主机=> “本地主机:9200” manage_template =>假 指数=>“%{[@元数据] [击败]} - %{+ YYYY.MM.dd}“ docume nt_type =>“%{[@ metadata] [type]}” } } ',而不是您的配置。谢谢您的帮助。 – learner