"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236", "@version" => "1", "@timestamp" => "2016-09-11T06:43:14.948Z", "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11", "host" => "dr-mysql01.zjcap.com", "type" => "zj_frontend_access", "clientip" => "10.171.246.184", "time" => "11/Sep/2016:14:42:53 +0800", "verb" => "GET", "request" => "/wechat/home.html", "httpversion" => "1.1", "http_status_code" => "200", "bytes" => "11601", "http_referer" => "-", "http_user_agent" => "okhttp/2.6.0", "request_time" => 0.001, "http_x_forwarded_for" => "182.239.100.236", "geoip" => { "ip" => "182.239.100.236", "country_code2" => "HK", "country_code3" => "HKG", "country_name" => "Hong Kong", "continent_code" => "AS", "region_name" => "00", "city_name" => "Kwai Chung", "latitude" => 22.349999999999994, "longitude" => 114.13330000000002, "timezone" => "Asia/Hong_Kong", "location" => [ [0] 114.13330000000002, [1] 22.349999999999994 ], "coordinates" => [ [0] 114.13330000000002, [1] 22.349999999999994 ] } }

# Logstash filter section for the front-end access log. The sample event above
# has no [geoip][request_time]; the sample event below, which has it, reflects
# the mutate add_field at the end of this section.
filter {
  # Split one access-log line into fields. Two patterns are given for "message":
  # the first stops the request capture at "?" and discards the rest of the URL
  # with `\?.*`; the second covers requests that have no query string.
  # NOTE(review): because of `\?.*` the query string is not kept in any parsed
  # field (first sample: request => "/wechat/home.html"). It survives only in
  # "message", so searches for suspicious parameters must use the raw line.
  # NOTE(review): %{NUMBER:...} without a type suffix leaves http_status_code
  # and bytes as strings (see the sample events); numeric range queries need a
  # numeric index mapping or a convert.
  grok {
    match =>[ "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
              "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)" ]
  }

  # Geolocate the address from the last log column (http_x_forwarded_for), not
  # clientip; in both sample events clientip is a 10.x address.
  # NOTE(review): presumably this column is the X-Forwarded-For request header.
  # Unless the front proxy overwrites that header, the client chooses its value,
  # so the geoip.* fields are unverified and should not be the only basis for
  # attribution or geo-based rules.
  # NOTE(review): when the column is "-" the grok alternation matches without a
  # capture, so the source field is absent; confirm how such events are tagged.
  geoip {
    source => "http_x_forwarded_for"
    target => "geoip"
    # Legacy-format GeoLite City file under the Logstash 2.3.4 install path;
    # lookup accuracy depends on how current this file is.
    database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
    # Append longitude, then latitude; the samples show the resulting
    # [longitude, latitude] array in geoip.coordinates.
    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
  }

  mutate {
    # The coordinates were added through string interpolation, so convert them
    # (and request_time) to float.
    convert => [ "[geoip][coordinates]", "float"]
    convert => [ "request_time", "float"]
    # Copy request_time into the geoip object; it appears as geoip.request_time
    # in the sample event below.
    add_field =>["[geoip][request_time]","%{request_time}"]
  }
}

"message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236", "@version" => "1", "@timestamp" => "2016-09-11T06:47:02.315Z", "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11", "host" => "dr-mysql01.zjcap.com", "type" => "zj_frontend_access", "clientip" => "10.252.142.174", "time" => "11/Sep/2016:14:45:24 +0800", "verb" => "GET", "request" => "/wechat/images/about/lss.7dcc3a4c.png", "httpversion" => "1.1", "http_status_code" => "200", "bytes" => "5147", "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap", "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap", "request_time" => 0.0, "http_x_forwarded_for" => "182.239.100.236", "geoip" => { "ip" => "182.239.100.236", "country_code2" => "HK", "country_code3" => "HKG", "country_name" => "Hong Kong", "continent_code" => "AS", "region_name" => "00", "city_name" => "Kwai Chung", "latitude" => 22.349999999999994, "longitude" => 114.13330000000002, "timezone" => "Asia/Hong_Kong", "location" => [ [0] 114.13330000000002, [1] 22.349999999999994 ], "coordinates" => [ [0] 114.13330000000002, [1] 22.349999999999994 ], "request_time" => 0.0 } }

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]
geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]