Logstash常用filter实现的功能

1、截取带有文件路径字段中的文件名

filter{
 grok {
    match => {
      "[log][file][path]" => "%{GREEDYDATA}/%{GREEDYDATA:app}-access.log"
    }
  }
}

2、删除json字段

filter{
  mutate {
      remove_field => [ "@timestamp" , "headers" , "response.data"]
      gsub => ["message", "\\\", ""]
    }
}
Copyright Curiouser all right reserved,powered by Gitbook该文件最后修改时间: 2022-05-16 17:26:46

results matching ""

    No results matching ""