"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:43:14.948Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.171.246.184",

                    "time" => "11/Sep/2016:14:42:53 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/home.html",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "11601",

            "http_referer" => "-",

         "http_user_agent" => "okhttp/2.6.0",

            "request_time" => 0.001,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ]

    }

}

filter {

    grok {

        match =>[

             "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

             "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"

        ]

    }

        geoip {

                        source => "http_x_forwarded_for"

                        target => "geoip"

                        database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                        convert => [ "request_time", "float"]

                       add_field =>["[geoip][request_time]","%{request_time}"]

                }

}

                 "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:47:02.315Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.252.142.174",

                    "time" => "11/Sep/2016:14:45:24 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/images/about/lss.7dcc3a4c.png",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "5147",

            "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",

         "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",

            "request_time" => 0.0,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

          "request_time" => 0.0

    }

}

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. CH Round #53 -GCD Path

    描述 给定一张N个点的有向图,点i到点j有一条长度为 i/(gcd(i,j))的边.有Q个询问,每个询问包含两个数x和y,求x到y的最短距离. 输入格式 第一行包含两个用空格隔开的整数,N和Q. 接下 ...

  2. linux下串口的阻塞和非阻塞操作

    有两个可以进行控制串口阻塞性(同时控制read和write):一个是在打开串口的时候,open函数是否带O_NDELAY:第二个是可以在打开串口之后通过fcntl()函数进行控制. 阻塞的定义: 对于 ...

  3. C# - List操作- 去掉重复

    ChangeList里面会有重复的数据,这时可以这样去掉重复的item // Remove duplicated info var dup = ChangeList.Where(item => ...

  4. python高级编程:缓存

    # -*- coding: utf-8 -*-__author__ = 'Administrator'#缓存"""对于运行代价很高的函数和方法结果,可以进行缓存,只要:1 ...

  5. PHP的错误处理方式

    错误类型 PHP 主要有两种错误:触发错误和异常.其中触发错误大概可以分为:编译错误.引擎错误和运行时错误,其中前两个是无法捕获的:异常都是可以捕获的,当没有尝试捕获时则会中断代码. 触发错误可以通过 ...

  6. 5分钟精通git教程

    git是一个版本控制工具,就要先弄清楚什么是版本 版本: 对外发布的版本如v1.0.0,v1.1.0 叫version 内部代码的版本叫commit,如:修改了一个错别字 顾名思义一个version就 ...

  7. 货币小写转大写.htm

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...

  8. iOS8怎么降级到iOS7,苹果iOS8怎么刷回iOS7

    iOS8怎么降级到iOS7,苹果iOS8怎么刷回iOS7 http://jingyan.baidu.com/article/e75aca855c5c19142edac6e9.html 威锋APPLE工 ...

  9. oracle 10g RAC psu过程

    1 升级crs 至10.2.0.5.2 1) 升级opatch 程序,PSU对opatch的版本有要求,详见readme文件,此步操作共涉及到每个节点的ORACLE_HOME和ORA_CRS_HOME ...

  10. 模拟Sping MVC

    在Spring MVC中,将一个普通的java类标注上Controller注解之后,再将类中的方法使用RequestMapping注解标注,那么这个普通的java类就够处理Web请求,示例代码如下: ...