Logstash Basic Operations: Filter

Published: 2020-06-14 13:46:10  Source: Internet  Views: 336  Author: You0tech  Category: System Operations

Grok configuration example:

## Startup configuration file:
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{}
}
filter {
  grok {
    # The whole pattern must stay on one line; "\ " is an escaped space.
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}
## Sample log line (entered on stdin)
172.16.213.132 [07/Feb/2018:16:24:19 +0800] "GET / HTTP/1.1" 403 5039
## Displayed result
{
      "@version" => "1",
    "@timestamp" => 2019-11-10T06:02:42.865Z,
          "host" => "localhost.localdomain",
       "message" => "172.16.213.132 [07/Feb/2018:16:24:19 +0800] \"GET / HTTP/1.1\" 403 5039",
     "timestamp" => "07/Feb/2018:16:24:19 +0800",
         "bytes" => "5039",
      "response" => "403",
      "clientip" => "172.16.213.132",
      "referrer" => "\"GET / HTTP/1.1\""
}

Grok: removing the duplicated field

## Configuration file
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    # Drop the raw line once it has been parsed into fields.
    remove_field => ["message"]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}

Grok combined with the Date plugin

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    remove_field => ["message"]
  }
  date {
    # Parse the time from the log line; the result is written to @timestamp.
    match => ["timestamp", "dd/MMMM/yyyy:HH:mm:ss Z"]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}

Date: removing the duplicated field

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    remove_field => ["message"]
  }
  date {
    match => ["timestamp", "dd/MMMM/yyyy:HH:mm:ss Z"]
  }
  mutate {
    # @timestamp now holds the event time, so the text copy is redundant.
    remove_field => [ "timestamp" ]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}

Combined exercise configuration

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    remove_field => ["message"]
  }
  date {
    match => ["timestamp", "dd/MMMM/yyyy:HH:mm:ss Z"]
  }
  mutate{
    # Rename the status field, strip the quotes from referrer,
    # drop the text timestamp and split the IP into its octets.
    rename => {"response" => "response_new"}
    gsub => ["referrer", "\"", ""]
    remove_field => [ "timestamp" ]
    split => ["clientip", "."]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}
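
The combined exercise above, emulated in Python on the page's sample line so the effect of each filter is visible, including the UTC conversion done by date and the `_grokparsefailure` tag a non-matching line receives. This is an added example, not code from the original page; `run_filters` and `LINE_RE` are hypothetical names, and the regular expression is a simplified stand-in for the grok patterns.

```python
import re
from datetime import datetime, timezone

# Simplified stand-ins for the grok patterns used on this page (assumption:
# the real IP, HTTPDATE, QS and NUMBER patterns are more permissive).
LINE_RE = re.compile(
    r'^(?P<clientip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'\[(?P<timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'(?P<referrer>"[^"]*") '
    r'(?P<response>\d+) '
    r'(?P<bytes>\d+)$'
)

def run_filters(message):
    """Emulate grok -> date -> mutate from the combined exercise."""
    m = LINE_RE.match(message)
    if m is None:
        # Logstash keeps the event and tags it instead of dropping it.
        return {"message": message, "tags": ["_grokparsefailure"]}
    event = m.groupdict()          # grok; remove_field drops "message"
    # date: parse the event time and store it as UTC in @timestamp
    # (%b is locale-dependent; the default C locale is assumed).
    parsed = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = parsed.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    # mutate: rename, gsub, split, then remove_field
    event["response_new"] = event.pop("response")
    event["referrer"] = event["referrer"].replace('"', "")
    event["clientip"] = event["clientip"].split(".")
    del event["timestamp"]
    return event

# The sample log line from this page.
SAMPLE = '172.16.213.132 [07/Feb/2018:16:24:19 +0800] "GET / HTTP/1.1" 403 5039'

if __name__ == "__main__":
    for key, value in run_filters(SAMPLE).items():
        print(f"{key:>14} => {value!r}")
    print(run_filters("not an access log line"))
```

Because failed events are still emitted, an output stage should check for the `_grokparsefailure` tag before indexing.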

Using the Geoip geolocation plugin

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    remove_field => ["message"]
  }
  date {
    match => ["timestamp", "dd/MMMM/yyyy:HH:mm:ss Z"]
  }
  mutate{
    remove_field => [ "timestamp" ]
  }
  geoip {
    # Look up the client address in a local MaxMind database file.
    source => "clientip"
    database => "/usr/local/include/GeoLite2-ASN_20191105/GeoLite2-ASN.mmdb"
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}

Geoip: output only specified fields

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{
  }
}
filter {
  grok {
    match => ["message","%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}"]
    remove_field => ["message"]
  }
  date {
    match => ["timestamp", "dd/MMMM/yyyy:HH:mm:ss Z"]
  }
  mutate{
    remove_field => [ "timestamp" ]
  }
  geoip {
    source => "clientip"
    #database => "/usr/local/include/GeoLite2-Country_20191015/GeoLite2-Country.mmdb"
    database => "/usr/local/include/GeoLite2-City_20191105/GeoLite2-City.mmdb"
    # Keep only these geoip attributes in the event.
    fields => ["city_name", "region_name", "country_name", "ip", "latitude", "longitude", "timezone"]
  }
}
output {
  stdout{
    codec => "rubydebug"
  }
}
Simulated data:
36.7.152.182 [07/Feb/2018:16:24:19 +0800] "GET / HTTP/1.1" 403 5039

Full practical example

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  stdin{}
}
filter{
  grok{
    # Fields are separated by the literal delimiter "|~|"; keep the pattern on one line.
    match => {"message" => "%{TIMESTAMP_ISO8601:localtime}\|\~\|%{IP:clientip}\|\~\|%{GREEDYDATA:http_user_agent}\|\~\|%{GREEDYDATA:url}\|\~\|%{GREEDYDATA:mediaid}\|\~\|%{GREEDYDATA:osid}"}
    remove_field => [ "message" ]
  }
  date {
    match => ["localtime", "yyyy-MM-dd'T'HH:mm:ssZZ"]
    target => "@timestamp"
  }
  mutate {
    remove_field => ["localtime"]
  }
  geoip {
    source => "clientip"
    #database => "/usr/local/include/GeoLite2-Country_20191015/GeoLite2-Country.mmdb"
    database => "/usr/local/include/GeoLite2-City_20191105/GeoLite2-City.mmdb"
    fields => ["city_name", "region_name", "country_name", "ip", "latitude", "longitude", "timezone"]
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
Example (a single line):
2018-02-09T10:57:42+08:00|~|123.87.240.97|~|Mozilla/5.0 (iPhone;CPU iPhone OS 11_2_2 like Mac OS X) AppleWebKit/604.4.7 Version/11.0 Mobile/15C202 Safari/604.1|~|http://m.sina.cn/cm/ads_ck_wap.html|~|12434785489009|~|DF45566587855P
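
The `%{GREEDYDATA}` captures in the pattern above accept any text, including the `|~|` delimiter itself, so a field value that contains the delimiter shifts the field boundaries without producing a parse failure. The following added example (not from the original page) compares a regex equivalent of the grok expression with a strict split that requires exactly six fields; the function names, the field-count check and the simplified timestamp and IP expressions are assumptions.

```python
import re

DELIM = "|~|"
FIELDS = ["localtime", "clientip", "http_user_agent", "url", "mediaid", "osid"]

# Regex equivalent of the grok expression above: GREEDYDATA is ".*".
# The timestamp and IP parts are simplified stand-ins (assumption).
GREEDY_RE = re.compile(
    r"(?P<localtime>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})\|~\|"
    r"(?P<clientip>\d{1,3}(?:\.\d{1,3}){3})\|~\|"
    r"(?P<http_user_agent>.*)\|~\|(?P<url>.*)\|~\|(?P<mediaid>.*)\|~\|(?P<osid>.*)"
)

def parse_greedy(line):
    """Parse the way the grok pattern does; returns None when it does not match."""
    m = GREEDY_RE.search(line)
    return m.groupdict() if m else None

def parse_strict(line):
    """Split on the delimiter and accept the line only if it has exactly six fields."""
    parts = line.split(DELIM)
    if len(parts) != len(FIELDS):
        return None  # route to a failure index instead of guessing boundaries
    return dict(zip(FIELDS, parts))

# The page's sample line, and a constructed variant whose URL contains "|~|".
GOOD = ("2018-02-09T10:57:42+08:00|~|123.87.240.97|~|Mozilla/5.0 (iPhone;CPU iPhone OS "
        "11_2_2 like Mac OS X) AppleWebKit/604.4.7 Version/11.0 Mobile/15C202 Safari/604.1"
        "|~|http://m.sina.cn/cm/ads_ck_wap.html|~|12434785489009|~|DF45566587855P")
ODD = GOOD.replace("ads_ck_wap.html", "ads_ck_wap.html?q=a|~|b")

if __name__ == "__main__":
    print(parse_greedy(GOOD) == parse_strict(GOOD))   # same six fields
    print(parse_greedy(ODD)["url"])                   # boundaries have shifted
    print(parse_strict(ODD))                          # rejected
```

In the greedy parse of the constructed line the real URL ends up inside `http_user_agent`, which matters when `url` is what a detection rule or dashboard keys on.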


