个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
26
4
我是使用Logstash的新手,并且正在努力使用Logstash作为csv从Elasticsearch中获取数据。
为了创建一些示例数据,我们首先可以在elasticsearch中添加一个基本的csv ...示例csv的头部如下所示
$ head uu.csv
"hh","hh1","hh3","id"
-0.979646332669359,1.65186132910743,"L",1
-0.283939374784435,-0.44785377794233,"X",2
0.922659898930901,-1.11689020559612,"F",3
0.348918777124474,1.95766948269957,"U",4
0.52667811182958,0.0168862169880919,"Y",5
-0.804765331279075,-0.186456470768865,"I",6
0.11411203100637,-0.149340801708981,"Q",7
-0.952836952412902,-1.68807271639322,"Q",8
-0.373528919496876,0.750994450392907,"F",9
$ cat uu.conf
input {
stdin {}
}
filter {
csv {
columns => [
"hh","hh1","hh3","id"
]
}
if [hh1] == "hh1" {
drop { }
} else {
mutate {
remove_field => [ "message", "host", "@timestamp", "@version" ]
}
mutate {
convert => { "hh" => "float" }
convert => { "hh1" => "float" }
convert => { "hh3" => "string" }
convert => { "id" => "integer" }
}
}
}
output {
stdout { codec => dots }
elasticsearch {
index => "temp_index"
document_type => "temp_doc"
document_id => "%{id}"
}
}
$ cat uu.csv | logstash-2.1.3/bin/logstash -f uu.conf
Settings: Default filter workers: 16
Logstash startup completed
....................................................................................................Logstash shutdown completed
$ cat yy.conf
input {
elasticsearch {
hosts => "localhost:9200"
index => "temp_index"
query => "*"
}
}
filter {
elasticsearch{
add_field => {"hh" => "%{hh}"}
add_field => {"hh3" => "%{hh3}"}
}
}
output {
stdout { codec => dots }
csv {
fields => ['hh','hh3']
path => '/home/username/yy.csv'
}
}
$ logstash-2.1.3/bin/logstash -f yy.conf
The error reported is:
Couldn't find any filter plugin named 'elasticsearch'. Are you sure this is correct? Trying to load the elasticsearch filter plugin resulted in this error: no such file to load -- logstash/filters/elasticsearch
yy.conf更改为以下内容...
$ cat yy.conf
input {
elasticsearch {
hosts => "localhost:9200"
index => "temp_index"
query => "*"
}
}
filter {}
output {
stdout { codec => dots }
csv {
fields => ['hh','hh3']
path => '/home/username/yy.csv'
}
}
$ logstash-2.1.3/bin/logstash -f yy.conf
Settings: Default filter workers: 16
Logstash startup completed
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Elasticsearch hosts=>["localhost:9200"], index=>"temp_index", query=>"*", codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false>
Error: [400] {"error":{"root_cause":[{"type":"parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"init_scan","grouped":true,"failed_shards":[{"shard":0,"index":"temp_index","node":"zu3E6F7kQRWnDPY5L9zF-w","reason":{"type":"parse_exception","reason":"Failed to derive xcontent"}}]},"status":400} {:level=>:error}
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Elasticsearch hosts=>["localhost:9200"], index=>"temp_index", query=>"*", codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false>
Error: [400] {"error":{"root_cause":[{"type":"parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"init_scan","grouped":true,"failed_shards":[{"shard":0,"index":"temp_index","node":"zu3E6F7kQRWnDPY5L9zF-w","reason":{"type":"parse_exception","reason":"Failed to derive xcontent"}}]},"status":400} {:level=>:error}
A plugin had an unrecoverable error. Will restart this plugin.
yy.conf以删除
elasticsearch{}看起来像...
$ cat yy.conf
input {
elasticsearch {
hosts => "localhost:9200"
index => "temp_index"
query => "*"
}
}
filter {
add_field => {"hh" => "%{hh}"}
add_field => {"hh3" => "%{hh3}"}
}
output {
stdout { codec => dots }
csv {
fields => ['hh','hh3']
path => '/home/username/yy.csv'
}
}
$ logstash-2.1.3/bin/logstash -f yy.conf
Error: Expected one of #, { at line 10, column 19 (byte 134) after filter {
add_field
You may be interested in the '--configtest' flag which you can
use to validate logstash's configuration before you choose
to restart a running system.
$ cat yy.conf
input {
elasticsearch {
hosts => "localhost:9200"
index => "temp_index"
query => "*"
}
}
filter {
add_field {"hh" => "%{hh}"}
add_field {"hh3" => "%{hh3}"}
}
output {
stdout { codec => dots }
csv {
fields => ['hh','hh3']
path => '/home/username/yy.csv'
}
}
$ logstash-2.1.3/bin/logstash -f yy.conf
The error reported is:
Couldn't find any filter plugin named 'add_field'. Are you sure this is correct? Trying to load the add_field filter plugin resulted in this error: no such file to load -- logstash/filters/add_field
$ cat uu.csv | logstash-2.1.3/bin/logstash -f uu.conf
Settings: Default filter workers: 16
Logstash startup completed
....................................................................................................Logstash shutdown completed
$ logstash-2.1.3/bin/logstash -f yy.conf
Settings: Default filter workers: 16
Logstash startup completed
....................................................................................................Logstash shutdown completed
$ head uu.csv
"hh","hh1","hh3","id"
-0.979646332669359,1.65186132910743,"L",1
-0.283939374784435,-0.44785377794233,"X",2
0.922659898930901,-1.11689020559612,"F",3
0.348918777124474,1.95766948269957,"U",4
0.52667811182958,0.0168862169880919,"Y",5
-0.804765331279075,-0.186456470768865,"I",6
0.11411203100637,-0.149340801708981,"Q",7
-0.952836952412902,-1.68807271639322,"Q",8
-0.373528919496876,0.750994450392907,"F",9
$ head yy.csv
-0.106007607975644E1,F
0.385395589205671E0,S
0.722392598488791E-1,Q
0.119773830827963E1,Q
-0.151090510772458E1,W
-0.74978830916084E0,G
-0.98888121700762E-1,M
0.965827615823707E0,S
-0.165311094671424E1,F
0.523818819076447E0,R
最佳答案
您不需要那个elasticsearch过滤器,只需像您一样在csv输出中指定您想要的CSV字段,就可以了。 CSV中所需的字段已经包含在事件中,您只需要在fields输出的csv列表中列出它们即可。
具体来说,您的配置文件应如下所示:
$ cat yy.conf
input {
elasticsearch {
hosts => "localhost:9200"
index => "temp_index"
}
}
filter {
}
output {
stdout { codec => dots }
csv {
fields => ['hh','hh3']
path => '/home/username/yy.csv'
}
}
关于elasticsearch - 使用logstash将数据从elasticsearch中获取到csv文件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35957479/
26
4
0
我在 logstash 中使用文件作为日志的输入。我的日志文件每天轮换,所以我想问一下我们如何配置 logstash 的文件插件,以便它可以处理每天轮换的文件。除此之外,文件节拍也可以进行日志轮换。
我正在我公司服务的服务器上实现监控工具。为此,我正在使用 logstash。我们的应用程序通过 log4net udp appender 将它们的日志发送到 logstash(输入 udp),然后 l
我期待对 Logstash 中收到的输入使用数学运算,但无法看到任何此类 过滤器 . 输入如下: { "user_id": "User123", "date": "2016 Jun 26 12
我对 logstash 和 Elasticsearch 很陌生。我正在尝试将日志文件存储在 elasticsearch 和平面文件中。我知道 logstash 支持两种输出。但是它们是同时处理的吗?还
寻求一些入门帮助...我已经安装了 Logstash(以及 ElasticSearch),但我正在为我的第一个过滤器而苦苦挣扎。 作为测试,我将其配置为从包含 6 行的修剪日志文件中读取,每行以时间戳
我已经按照下面提到的架构实现了 logstash(在测试中)。 成分分解 Rsyslog 客户端:默认情况下,所有 Linux destros 中都安装了 syslog,我们只需要配置 rsyslog
我无法在 LogStash 中使用负正则表达式(如 the docs 中所述) 考虑以下正则表达式,它可以正常工作以检测已分配值的字段: if [remote_ip] =~ /(.+)/ {
我在云中使用两台服务器,在一台服务器上 (A) 我安装了 filebeat,在第二台服务器上 (B) 我安装了 logstash、elasticsearch 和 kibana。所以我在 logstas
我有一个来自 Windows 事件日志的 IP 地址字段,它在 IP 地址前面包含类似“::fffff:”的字符。我无法在此处更改源,因此我必须在 Logstash 中修复此问题。 我一定很不擅长谷歌
我正在尝试将此日期结构 YYYY-MM-DD_HH-MM-SS 转换为 logstash 中的 YYYY-MM-DD HH:MM:SS。这是我的过滤器: filter { csv {
我正在使用 Logstash(以 Kibana 作为 UI)。我想从我的日志中提取一些字段,以便我可以在 UI 的 LHS 上按它们进行过滤。 我日志中的示例行如下所示: 2013-07-04 00:
如何将此 Logstash 过滤器更改为不区分大小写? filter { if "foo" in [message] { mutate { add_field => { "Alert_le
我正在尝试将事件消息与几个正则表达式相匹配。我打算使用 grep 过滤器,但它已被弃用,所以我正在尝试使用否定的方法。 我正在寻找的功能是删除所有事件,除非消息匹配多个正则表达式。 过滤器波纹管不起作
我用过logstash的RPM安装。因此,logstash 作为 linux 服务运行。我想调试一个管道,需要查看的内容 output { stdout { codec => rubydebug
如何在 logstash 中比较日期。我想将日期与恒定日期值进行比较。以下代码在 Logstash 中失败并出现 ruby 异常。 if [start_dt] { "str_dt" => "20
我正在从logstash-1.1.3升级到logstash-1.3.3。问题是,1.1.3 中的标签和字段配置在 1.3.3 版本中已弃用。这些允许仅将那些事件发送到具有给定标签或包含给定字段的输出。
我想在同一台机器上运行两个 logstash 实例。现在我使用命令启动 logstash。logstash.bat agent -f logstashconf.conf。但是当我要通过相同的命令启动第
我有这种格式的 php 日志 [Day Mon DD HH:MM:SS YYYY] [Log-Type] [client ] : [Day Mon DD HH:MM:SS YYYY] [Log-Ty
我的 logstash 中的一些请求使 http 输出插件失败,并且日志显示 [2020-10-16T18:44:54,574][ERROR][logstash.outputs.http ] [HTT
我正在探索Logstash来接收HTTP上的输入。我已经使用以下方法安装了http插件: 插件安装logstash-input-http 安装成功。然后我尝试使用以下命令运行logstash: log
我是一名优秀的程序员,十分优秀!