logstash 处理各种时间格式
tomcat access日志:
{
"@version" => "1",
"@timestamp" => "2016-10-22T12:58:07.000Z",
"path" => "/data01/applog_backup/zjzc_log/zj-api-access01.2016-10-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_api_access",
"clientip" => "10.252.142.174",
"time" => "22/Oct/2016:20:58:07 +0800",
"verb" => "GET",
"api" => "/api/validate/code/send",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "52",
"remoteip" => "115.51.148.47",
"response_time" => 0.015,
"messager" => "zj_api_access- 10.252.142.174 - - [22/Oct/2016:20:58:07 +0800] \"GET /api/validate/code/send?mobilePhone=15090308333&messageType=1&_=1454297673274 HTTP/1.1\" 200 52 0.015 115.51.148.47"
} "message" , "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\?.*\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",
"message" ,"\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",
"message" ,"\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+\-\s+(%{BASE16FLOAT:request_time})\s+%{IPORHOST:remoteip}",
"message","\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\s+HTTP/%{NUMBER:httpversion}\"\s+%{NUMBER:http_status_code}\s+\-\s+(%{BASE16FLOAT:request_time})\s+(%{IPORHOST:remoteip}|-)" tomcat catalina日志; {
"@timestamp" => "2016-10-22T12:59:22.877Z",
"@version" => "1",
"path" => "/data01/applog_backup/zjzc_log/zj-api02-catalina.out.2016-10-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_api",
"messager" => "zj_api- 2016-10-22 20:59:22,877 INFO com.zjzc.interceptor.ClientAuthInterceptor - authInfo servletPath=/validate/code/send,clientSn=null,access=true",
"time" => "2016-10-22 20:59:22,877",
"Level" => "INFO"
} filter {
grok {
match => [ "message","\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]
}
date {
match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
}
mutate {
remove_field =>["message"]
}
} nginx access 日志; {
"message" => " 10.171.246.184 [22/Oct/2016:21:00:40 +0800] \"GET /resources/images/icon/icon_phone_gray.273e583f.png HTTP/1.1\" - 200 352 \"https://www.zjcap.cn/resources/css/base.css?06212016\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36\" 0.000 115.236.160.82",
"@version" => "1",
"@timestamp" => "2016-10-22T13:00:40.000Z",
"path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-10-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_frontend_access",
"clientip" => "10.171.246.184",
"time" => "22/Oct/2016:21:00:40 +0800",
"verb" => "GET",
"request" => "/resources/images/icon/icon_phone_gray.273e583f.png",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "352",
"http_referer" => "https://www.zjcap.cn/resources/css/base.css?06212016",
"http_user_agent" => "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36",
"http_x_forwarded_for" => "115.236.160.82",
"geoip" => {
"ip" => "115.236.160.82",
"country_code2" => "CN",
"country_code3" => "CHN",
"country_name" => "China",
"continent_code" => "AS",
"region_name" => "02",
"city_name" => "Hangzhou",
"latitude" => 30.293599999999998,
"longitude" => 120.16140000000001,
"timezone" => "Asia/Shanghai",
"real_region_name" => "Zhejiang",
"location" => [
[0] 120.16140000000001,
[1] 30.293599999999998
],
"coordinates" => [
[0] 120.16140000000001,
[1] 30.293599999999998
]
},
"response_time" => 0.0,
"messager" => "zj_frontend_access 10.171.246.184 [22/Oct/2016:21:00:40 +0800] \"GET /resources/images/icon/icon_phone_gray.273e583f.png HTTP/1.1\" - 200 352 \"https://www.zjcap.cn/resources/css/base.css?06212016\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36\" 0.000 115.236.160.82" filter {
grok {
match =>[
"message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
"message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
"message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} (?<http_url>\S+)\s+HTTP/%{NUMBER:httpversion}\"\s+\-\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+\"\-\"\s+\"(?<http_user_agent>(\S+))\"\s+(%{BASE16FLOAT:request_time})\s+(%{IPORHOST:http_x_forwarded_for}|-)",
"message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)" ]
} nginx error 日志; "message" => " 2016/10/22 21:00:32 [error] 12890#0: *98081 open() \"/var/www/zjzc-web-frontEnd/favicon.ico\" failed (2: No such file or directory), client: 10.171.246.184, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"www.zjcap.cn\"",
"@version" => "1",
"@timestamp" => "2016-10-22T13:00:32.000Z",
"path" => "/data01/applog_backup/zjzc_log/zj-frontend01-error.2016-10-22",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_frontend_error",
"time" => "2016/10/22 21:00:32",
"severity" => "error",
"pid" => "12890",
"errormessage" => "*98081 open() \"/var/www/zjzc-web-frontEnd/favicon.ico\" failed (2: No such file or directory)",
"remote_addr" => "10.171.246.184",
"server" => "localhost",
"request" => "\"GET /favicon.ico HTTP/1.1\"",
"request_host" => "\"www.zjcap.cn\""
} filter {
grok {
match => [ "message" , "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: (?<remote_addr>%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:server}?)(?:, request: %{QS:request})?(?:, upstream: (?<upstream>\"%{URI}\"|%{QS}))?(?:, host: %{QS:request_host})?(?:, referrer: \"%{URI:referrer}\")?"]
}
date {
match => ["time", "yyyy/MM/dd HH:mm:ss"]
}
}
logstash 处理各种时间格式的更多相关文章
- logstash关于date时间处理的几种方式总结
1.第一种,直接在配置文件中自定义时间格式 这是tomcat配置文件中的一段日志时间配置,按照这样的配置,那么输出的日志是这样子的: 然后你继续在logstash中这样子配置 此时logstash就不 ...
- elasticsearch中保存时间格式
利用logstash从文档中导入数据到es中,若未事先设定数据格式,有可能存储时间并未保存为date格式而是text格式. 时间若保存为text,则在会以字符串数组格式存储在es中,是乱序,不好查询. ...
- NSDateFormatter 时间格式转换
NSString *strDate = @“Wed Apr ::”; NSDateFormatter *dateFomatter =[[NSDateFormatter alloc] init]; [d ...
- 时间格式转换—将后台返回的/Date(1448954018000)/格式转换为正常的时间格式
用JS实现方法: function ChangeDateFormat(cellval) { )); < ? ) : date.getMonth() + ; ? " + date.get ...
- Newtonsoft.Json 序列化和反序列化 时间格式【转】
1.JSON序列化 string JsonStr= JsonConvert.SerializeObject(Entity); eg: A a=new A(); a.Name="Elain ...
- Spring mvc时间格式处理
spring mvc中,如果时间格式是yyyy-MM-dd,传入后台会报错,要增加一些配置才可以. 1.修改spring-mvc.xml,增加org.springframework.format.su ...
- db2 日期时间格式
db2日期和时间常用汇总 1.db2可以通过SYSIBM.SYSDUMMY1.SYSIBM.DUAL获取寄存器中的值,也可以通过VALUES关键字获取寄存器中的值. SELECT 'HELLO DB2 ...
- JavaScriptSerializer 序列化json 时间格式
利用JavaScriptSerializer 序列化json 时间格式,得到的DateTime值值显示为“/Date(700000+0500)/”形式的JSON字符串,显然要进行转换 1.利用字符串直 ...
- sqlserver 时间格式函数详细
一.时间函数 在使用存储过程,sql函数的时候,会遇到一些对时间的处理.比如时间的获取与加减.这里就用到了sql自带的时间函数.下面我列出这些函数,方便日后记忆,使用. --getdate 获取当前时 ...
随机推荐
- spring-data-redis工程
官方文档:http://docs.spring.io/spring-data/data-redis/docs/current/reference/html/redis.html The Spring ...
- Java基础知识强化之集合框架笔记29:使用LinkedList实现栈数据结构的集合代码(面试题)
1. 请用LinkedList模拟栈数据结构的集合,并测试: 题目的意思是: 你自己的定义一个集合类,在这个集合类内部可以使用LinkedList模拟,使用LinkedList功能方法封装成 ...
- rabbitMQ实战(一)---------使用pika库实现hello world
rabbitMQ实战(一)---------使用pika库实现hello world 2016-05-18 23:29 本站整理 浏览(267) pika是RabbitMQ团队编写的官方Pyt ...
- codevs1506传话(kosaraju算法)
- - - - - - - - 一个()打成[] 看了一晚上..... /* 求强连通分量 kosaraju算法 边表存图 正反构造两个图 跑两边 分别记下入栈顺序 和每个强连通分量的具体信息 */ ...
- python 学习笔记(二)两种方式实现第一个python程序
在交互模式下: 如果要让Python打印出指定的文字,可以用print语句,然后把希望打印的文字用单引号或者双引号括起来,但不能混用单引号和双引号: >>> print 'hello ...
- 初识 Angular 体会
一句话描述:一个前端的类似MVC框架的JS库 刚接触2天,刚一看感觉和asp.net mvc能实现的功能有点重复. 虽然asp.net的表单验证,Razor语法使其在前端开发有较大提升,但要实现比较高 ...
- EntityFramework 中生成的类加注释
EF5在生成实体类时获取不到数据库中表的说明字段,需要使用单独的t4模板来获取 下载文件 将文件与edmx 放同一文件夹 1.在生成类的t4模板中加入 <#@ include file=&quo ...
- 解决UITableView中Cell重用机制导致内容出错的方法总结
UITableView继承自UIScrollview,是苹果为我们封装好的一个基于scroll的控件.上面主要是一个个的 UITableViewCell,可以让UITableViewCell响应一些点 ...
- 寒哥教你学 iOS - 经验漫谈(转)
转自http://www.cocoachina.com/ios/20150907/13339.html 本篇文章主要讲解 4个问题 load妙用 aop面向切面编程 NSNumber Or Int @ ...
- JS 通过系统时间限定 动态添加 select option
虽然是个简单的效果,还是需要积累一下,记录一下: 在八月一号之后,删除最后一项,新添加2016级 — — 2015级 2014级 2013级 2012级 在六月一号之后,删除最后一项,新添加2016级 ...