https://github.com/dtstack/jlogstash-filter-plugin
java 版本 logstash filter 插件
https://github.com/dtstack/jlogstash-filter-plugin
logstash
Last synced: 9 months ago
JSON representation
java 版本 logstash filter 插件
- Host: GitHub
- URL: https://github.com/dtstack/jlogstash-filter-plugin
- Owner: DTStack
- License: apache-2.0
- Created: 2016-09-02T04:06:21.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2018-10-09T08:20:05.000Z (over 7 years ago)
- Last Synced: 2024-02-25T12:37:52.185Z (almost 2 years ago)
- Topics: logstash
- Language: Java
- Size: 1.69 MB
- Stars: 7
- Watchers: 7
- Forks: 10
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Add:
fields: 必填 map结构({"host":"hostname","ip":"%{ip}%"})
hostname: 本生是event里的属性,则就会取event.hostname里的值,没有就是原声的字符串hostname,
%{ip}% 这样就表示调用内置函数获取本机ip
现在的内置函数有hostname,timestamp,ip
# DateISO8601:
match: 必填 map结构({"timestamp":{"srcFormat":"dd/MMM/yyyy:HH:mm:ss Z","target":"timestamp","locale":"en"}})
# Remove:
fields:必填 list结构
removeNULL:默认值false ,是否删除null或空字符串字段
# Rename:
fields:必填 map结构{"oldname":"newname"}
# IpIp:
source: 默认值 clientip 需要解析的ip
target: 默认值 ipip
size: 默认值 5000
# UA:
source:必填 需要解析属性
# JGrok:
srcs:必填 list 结构,需要通过jgrok解析的字段(["ip"])
patterns:必填 map结构,自定义的正则表达式,{"ip":"(?\[0-9A-B])"} 如果:grok自带的已经有了,正则表达式不需要写,列如:{"%{COMBINEDAPACHELOG}":""}
# Json:
fields: 必填 map 结构 example {"messgae":"messgae1"} 源属性是message 目标属性message1,没有目标属性可以为“”
# Java:
code: 必填,String类型 。
示例:
```
filters:
- Java:
code: '
Object name = event.get("NAME");
event.put("XM", name);
'
```
# Performance:
interval: 数据刷入文件的间隔时间,默认30秒
timeZone: 时区 默认UTC
path: 文件路径(home/admin/jlogserver/logs/srsyslog-performance-%{+YYYY.MM.dd}.txt)必填