1.                  "message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",
  2.                 "@version" => "1",
  3.               "@timestamp" => "2016-09-11T06:43:14.948Z",
  4.                     "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",
  5.                     "host" => "dr-mysql01.zjcap.com",
  6.                     "type" => "zj_frontend_access",
  7.                 "clientip" => "10.171.246.184",
  8.                     "time" => "11/Sep/2016:14:42:53 +0800",
  9.                     "verb" => "GET",
  10.                  "request" => "/wechat/home.html",
  11.              "httpversion" => "1.1",
  12.         "http_status_code" => "200",
  13.                    "bytes" => "11601",
  14.             "http_referer" => "-",
  15.          "http_user_agent" => "okhttp/2.6.0",
  16.             "request_time" => 0.001,
  17.     "http_x_forwarded_for" => "182.239.100.236",
  18.                    "geoip" => {
  19.                     "ip" => "182.239.100.236",
  20.          "country_code2" => "HK",
  21.          "country_code3" => "HKG",
  22.           "country_name" => "Hong Kong",
  23.         "continent_code" => "AS",
  24.            "region_name" => "00",
  25.              "city_name" => "Kwai Chung",
  26.               "latitude" => 22.349999999999994,
  27.              "longitude" => 114.13330000000002,
  28.               "timezone" => "Asia/Hong_Kong",
  29.               "location" => [
  30.             [0] 114.13330000000002,
  31.             [1] 22.349999999999994
  32.         ],
  33.            "coordinates" => [
  34.             [0] 114.13330000000002,
  35.             [1] 22.349999999999994
  36.         ]
  37.     }
  38. }
  39.  
  40. filter {
  41.     grok {
  42.         match =>[
  43.              "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
  44.              "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"
  45.  
  46.         ]
  47.     }
  48.         geoip {
  49.                         source => "http_x_forwarded_for"
  50.                         target => "geoip"
  51.                         database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
  52.                         add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
  53.                         add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
  54.                 }
  55.                 mutate {
  56.                         convert => [ "[geoip][coordinates]", "float"]
  57.                         convert => [ "request_time", "float"]
  58.                        add_field =>["[geoip][request_time]","%{request_time}"]
  59.                 }
  60.  
  61. }
  62.  
  63.                  "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",
  64.                 "@version" => "1",
  65.               "@timestamp" => "2016-09-11T06:47:02.315Z",
  66.                     "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",
  67.                     "host" => "dr-mysql01.zjcap.com",
  68.                     "type" => "zj_frontend_access",
  69.                 "clientip" => "10.252.142.174",
  70.                     "time" => "11/Sep/2016:14:45:24 +0800",
  71.                     "verb" => "GET",
  72.                  "request" => "/wechat/images/about/lss.7dcc3a4c.png",
  73.              "httpversion" => "1.1",
  74.         "http_status_code" => "200",
  75.                    "bytes" => "5147",
  76.             "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",
  77.          "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",
  78.             "request_time" => 0.0,
  79.     "http_x_forwarded_for" => "182.239.100.236",
  80.                    "geoip" => {
  81.                     "ip" => "182.239.100.236",
  82.          "country_code2" => "HK",
  83.          "country_code3" => "HKG",
  84.           "country_name" => "Hong Kong",
  85.         "continent_code" => "AS",
  86.            "region_name" => "00",
  87.              "city_name" => "Kwai Chung",
  88.               "latitude" => 22.349999999999994,
  89.              "longitude" => 114.13330000000002,
  90.               "timezone" => "Asia/Hong_Kong",
  91.               "location" => [
  92.             [0] 114.13330000000002,
  93.             [1] 22.349999999999994
  94.         ],
  95.            "coordinates" => [
  96.             [0] 114.13330000000002,
  97.             [1] 22.349999999999994
  98.         ],
  99.           "request_time" => 0.0
  100.     }
  101. }
  102.  
  103.  geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. Android String 转 MD5

    /** * 将字符串转成16 位MD5值 *  * @param string * @return */ public static String MD5(String string) { byte[ ...

  2. perl 学习笔记

    一:基础 1:安装perl      centos: yum -y install perl       官网:https://www.perl.org/      升级到5.22:先下载,执行./i ...

  3. Oracle11gRAC安装

    安装Oracle RAC 一.硬件环境 ①用虚拟机搭建两台机器,操作系统都为: [root@node1 ~]# cat /etc/issue Red Hat Enterprise Linux Serv ...

  4. 支持多文件上传,预览,拖拽,基于bootstra的上传插件fileinput 的ajax异步上传

    首先需要导入一些js和css文件 <link href="__PUBLIC__/CSS/bootstrap.css" rel="stylesheet"&g ...

  5. mac复制粘贴剪切

    win下复制粘贴剪切: Ctrl+C,Ctrl+V,Ctrl+X; mac下lion之后已经有了一直让win用户吐槽的剪切功能: 复制粘贴剪切:Command+C,Command+V,Command+ ...

  6. Android Support库百分比布局

    之前写过一篇屏幕适配的文章Android 屏幕适配最佳实践,里面提到了类似百分比布局的东西,可是该方法缺点非常明显,就会添加非常多没用的数据,导致apk包变大. 而谷歌的support库中,添加了一个 ...

  7. Android Studio使用技巧系列教程(二)

    尊重劳动成果,转载请注明出处:http://blog.csdn.net/growth58/article/details/46764575 关注新浪微博:@于卫国 邮箱:yuweiguocn@gmai ...

  8. HDU 4760 Good FireWall 完好Trie题解

    本题乍看像是线段树之类的区间操作,只是由于仅仅是须要查找ip的前缀,故此事实上是使用Trie来做. 挺高难度的Trie应用,做完这道题之后说明Trie功力有一定火候了. 这里的Trie使用到了Dele ...

  9. Linux目录和权限

    1. rmdir -p  用来删除一串目录,是否可以成功删除?   rmdir -p  删除一个不存在的目录时是否报错呢?rmdir -p 不能成功删除非空目录,rmdir -p 删除一个不存在的目录 ...

  10. C#高级编程第2章-核心C#

    内容提要: 声明变量:变量的初始化和作用域:C#的预定义数据类型:在C#程序中使用条件语句.循环和跳转语句指定执行流:枚举:名称空间: Main()方法:基本命令行C#编译器选项:使用System.C ...