[elk@node01 conf]$ cat t3.conf
input {
syslog {
port=>"514"
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@node01 conf]$ cat t4.conf
input {
stdin{}
}
filter {
grok {
match => ["message", "%{IPORHOST:xxxx}"]
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@node01 conf]$ logstash -f t4.conf
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
"message" => "192.168.137.1",
"@version" => "1",
"@timestamp" => "2018-04-07T03:03:55.366Z",
"host" => "node01",
"xxxx" => "192.168.137.1"
}
[elk@node01 conf]$
[elk@node01 conf]$ cat t4.conf
input {
stdin{}
}
filter {
grok {
match => ["message", "%{IPORHOST:xxxx}"]
}
mutate {
remove_field =>["message"]
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@node01 conf]$ logstash -f t4.conf
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
"@version" => "1",
"@timestamp" => "2018-04-07T03:07:02.258Z",
"host" => "node01",
"xxxx" => "192.168.137.1"
}
[elk@node01 conf]$ cat t4.conf
input {
stdin{}
}
filter {
grok {
match => ["message", "%{IPORHOST:xxxx}"]
}
mutate {
remove_field =>["message"]
remove_field =>["host"]
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@node01 conf]$ logstash -f t4.conf
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
"@version" => "1",
"@timestamp" => "2018-04-07T03:08:35.546Z",
"xxxx" => "192.168.137.1"
}
logstash 删除message host字段
猜你喜欢
转载自blog.csdn.net/zhaoyangjian724/article/details/80364499
今日推荐
周排行