"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:43:14.948Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.171.246.184",

                    "time" => "11/Sep/2016:14:42:53 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/home.html",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "11601",

            "http_referer" => "-",

         "http_user_agent" => "okhttp/2.6.0",

            "request_time" => 0.001,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ]

    }

}

filter {

    grok {

        match =>[

             "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

             "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"

        ]

    }

        geoip {

                        source => "http_x_forwarded_for"

                        target => "geoip"

                        database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                        convert => [ "request_time", "float"]

                       add_field =>["[geoip][request_time]","%{request_time}"]

                }

}

                 "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:47:02.315Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.252.142.174",

                    "time" => "11/Sep/2016:14:45:24 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/images/about/lss.7dcc3a4c.png",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "5147",

            "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",

         "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",

            "request_time" => 0.0,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

          "request_time" => 0.0

    }

}

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. 8.1 Optimization Overview

    8.1 Optimization Overview 8.1 Optimization Overview 8.2 Optimizing SQL Statements 8.3 Optimization a ...

  2. iptables 必须先拒绝所有,在允许

    <pre name="code" class="html">[root@wx02 ~]# cat /etc/sysconfig/iptables # ...

  3. Linux企业级项目实践之网络爬虫(18)——队列处理

    所有的URL都接受管理,并在此进行流动.URL从管理模块的存储空间开始,一直到最后输出给磁盘上的URL索引,都由此部分调度.首先,给出URL调度的一般过程,如图所示.其流程的各个具体操作,后面详述.要 ...

  4. 2014.7.7 模拟赛【小K的农场】

    3.小K的农场(farm.pas/cpp/c) [题目描述] 小K在MC里面建立很多很多的农场,总共n个,以至于他自己都忘记了每个农场中种植作物的具体数量了,他只记得一些含糊的信息(共m个),以下列三 ...

  5. MySql 查询表字段数

    MySql 查询表字段数 SELECT COUNT(*) FROM information_schema.columns WHERE table_schema='test_cases' AND tab ...

  6. NSTimer 详细设置

    NSTimer 详细设置1:http://blog.csdn.net/davidsph/article/details/7899483 NSTimer 详细设置2:http://blog.csdn.n ...

  7. TI C66x DSP 系统events及其应用 - 5.1(QM accumulator的配置)

    以下解说在详细应用中,event与中断ISR的设置.以对QM的queue监控产生中断(不是EXCEP)为例,主要包含配置QM accumulator(用于监控QM queue)与配置ISR(ISR与e ...

  8. 数学之路(3)-机器学习(3)-机器学习算法-PCA

    PCA 主成分分析(Principal components analysis,PCA),维基百科给出一个较容易理解的定义:“PCA是一个正交化线性变换,把数据变换到一个新的坐标系统中,使得这一数据的 ...

  9. c++11 线程:让你的多线程任务更轻松

      介绍 本文旨在帮助有经验的Win32程序员来了解c++ 11线程库及同步对象 和 Win32线程及同步对象之间的区别和相似之处. 在Win32中,所有的同步对象句柄(HANDLE)是全局句柄.它们 ...

  10. QTP描述性编程中往WebEdit控件输入文字问题

    在网上查找到许多相关的描述性编程的案例,自己就想动手一试,于是在专家视图中输入如下代码: systemUtil.Run "http://www.baidu.com" wait(15 ...