elasticsearch - 如何处理输入文件logstash中的特殊字符(“)
问题描述
使用 logstash 推送到 ELK 时,我的数据出现问题。这是我的输入文件
input {
file {
path => ["C:/Users/HoangHiep/Desktop/test17.txt"]
type => "_doc"
start_position => beginning
}
}
filter {
dissect {
mapping => {
"message" => "%{word}"
}
}
}
output {
elasticsearch{
hosts => ["localhost:9200"]
index => "test01"
}
stdout { codec => rubydebug}
}
我的数据是
"day la text"
这是输出
{
"host" => "DESKTOP-T41GENH",
"path" => "C:/Users/HoangHiep/Desktop/test17.txt",
"@timestamp" => 2020-01-15T10:04:52.746Z,
"@version" => "1",
"type" => "_doc",
"message" => "\"day la text\"\r",
"word" => "\"day la text\"\r"
}
有什么方法可以处理字符(“)。我希望“单词”就像“day la text \r”没有字符\“
谢谢大家。
解决方案
如果此更改对您有用,我可以对此进行更多解释。我说的原因是我有最新的 mac,所以我没有看到\r消息中的尾随。
输入就像你有它"day la text"
filter {
mutate {
gsub => [
"message","(\")", ""
]
}
}
响应是
{
"@timestamp" => 2020-01-15T15:01:58.828Z,
"@version" => "1",
"headers" => {
"http_version" => "HTTP/1.1",
"request_method" => "POST",
"http_accept" => "*/*",
"accept_encoding" => "gzip, deflate",
"postman_token" => "5ae8b2a0-2e94-433c-9ecc-e415731365b6",
"cache_control" => "no-cache",
"content_type" => "text/plain",
"connection" => "keep-alive",
"http_user_agent" => "PostmanRuntime/7.21.0",
"http_host" => "localhost:8080",
"content_length" => "13",
"request_path" => "/"
},
"host" => "0:0:0:0:0:0:0:1",
"message" => "day la text" <===== see the extra inbuilt `\"` gone.
}
推荐阅读
- flutter - 如何将 CustomScrollView 用作孩子
- python - 如何将循环打印输出更改为熊猫数据框
- django - 如何将值保存在 django 的数据库中?
- python - 从嵌套字典中的嵌套字典创建 Pandas 数据框
- java - 对 Spring Controller 的请求返回 404 not found
- mysql - 根据另一张表的更新更新一张表的记录
- node.js - 接收错误:html-pdf:PDF 生成超时。Phantom.js 脚本没有退出。在 Firebase 云函数中
- c++ - 完美的前向返回类型,但带有 const
- azure - 为什么我的 Azure Cosmos DB SQL API 容器拒绝具有相同分区键值的多个项目?
- amazon-web-services - 创建 web 源模块 oracle apex 20.0