The grok plugin ships with several hundred predefined regular-expression patterns. You reference them by name as %{PATTERN:field} (for example %{IP:client}), so a log line is described with named pieces instead of a hand-written regex; each named piece becomes a field on the event.
vim grok.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    # Only honoured the first time Logstash sees this file; afterwards the
    # sincedb offset decides where reading resumes.
    start_position => "beginning"
  }
}
filter {
  grok {
    # Each %{PATTERN:field} becomes a field on the event. A line that does
    # not match is left unchanged and tagged _grokparsefailure.
    match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
/opt/logstash/bin/logstash -f grok.conf
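To see what the grok filter actually does with the pattern above, here is an added Python example (not Logstash code, and not from the original page) that expands %{NAME:field:type} references into a plain regex the same way grok does, runs it over a few constructed log lines, and reproduces grok's two behaviours a practitioner cares about: :int/:float type conversion, and tagging a non-matching event with _grokparsefailure instead of dropping it. The pattern bodies are simplified copies of the grok library definitions (assumption: the real IP pattern also covers IPv6 and NUMBER carries extra lookbehinds; the simplified forms are sufficient for these lines). The third sample line is a syslog-style line of the kind /var/log/messages really contains, which this pattern does not cover.

```python
import re

# Simplified copies of grok library patterns (assumption: enough for the
# sample lines; the real definitions are longer).
GROK_PATTERNS = {
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?)",
    "WORD": r"\b\w+\b",
    "IPV4": r"(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}"
            r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])",
    "IP": r"%{IPV4}",
    "URIPATH": r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\-]*)+",
    "URIPARAM": r"\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]<>]*",
    "URIPATHPARAM": r"%{URIPATH}(?:%{URIPARAM})?",
}

# Matches %{NAME}, %{NAME:field} or %{NAME:field:type}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")
CASTS = {"int": int, "float": float}  # the two conversions grok supports


def compile_grok(pattern, anchor=False):
    """Expand grok references (recursively) into a compiled regex.

    Returns (regex, casts): casts maps a field name to its converter when
    the field was declared with :int or :float.
    """
    casts = {}

    def expand(m):
        name, field, typ = m.groups()
        body = GROK_REF.sub(expand, GROK_PATTERNS[name])  # nested references
        if field is None:
            return f"(?:{body})"
        if typ is not None:
            casts[field] = CASTS[typ]
        return f"(?P<{field}>{body})"

    regex = GROK_REF.sub(expand, pattern)
    if anchor:
        # grok searches unanchored by default; ^...$ forces a whole-line
        # match, which rejects partial matches and limits backtracking.
        regex = f"^{regex}$"
    return re.compile(regex), casts


def grok_event(regex, casts, line):
    """Mimic the grok filter on one event: add the captured fields on a
    match, otherwise leave the event untouched and tag it _grokparsefailure."""
    event = {"message": line}
    m = regex.search(line)
    if m is None:
        event["tags"] = ["_grokparsefailure"]
        return event
    for field, value in m.groupdict().items():
        if value is not None:
            event[field] = casts.get(field, str)(value)
    return event


# Constructed sample input: the page's request line, a second request with a
# query string, and a syslog-style line this pattern does not cover.
SAMPLE_LINES = [
    "55.3.244.1 GET /index.html 15824 0.043",
    "10.0.0.7 POST /api/login?user=admin 512 1.250",
    "Jan 10 12:00:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 4242 ssh2",
]

# The page's pattern, with bytes and duration converted to numbers.
PATTERN = ("%{IP:client} %{WORD:method} %{URIPATHPARAM:request} "
           "%{NUMBER:bytes:int} %{NUMBER:duration:float}")


def parse_lines(lines=SAMPLE_LINES, pattern=PATTERN):
    """Run the pattern over every line and return the resulting events."""
    regex, casts = compile_grok(pattern)
    return [grok_event(regex, casts, line) for line in lines]


if __name__ == "__main__":
    for event in parse_lines():
        print(event)
```

Two things worth checking in a real pipeline follow from this: count events carrying _grokparsefailure, because with the config above every ordinary syslog line in /var/log/messages will carry it, and anchor patterns with ^ and $ when a field must cover the whole line, since grok otherwise accepts a match anywhere inside the message.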
Input (append this line to /var/log/messages; the ordinary syslog lines already in that file do not match the pattern and come out tagged _grokparsefailure):
55.3.244.1 GET /index.html 15824 0.043
Output: