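Hello (I hope my English doesn't fail me), I want to filter a JSON message in Logstash so that the JSON inside "message" (all of its tags) can be used as fields in Kibana.

How do I set up my filter in Logstash so that all the JSON in "message" is included in Elasticsearch and shown as fields in Kibana?

In my application I use log4j2 to output messages to the console with JsonLayout, then the Docker GELF output to send them to Logstash, and then on to Elasticsearch for display in Kibana (this is a requirement), because I need the ThreadContext and the Docker container information.

This is my complete log entry in Kibana: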

{
  "_index": "logstash-2019.04.30-000001",
  "_type": "_doc",
  "_id": "YRagb2oBpwGypU5SDzwG",
  "_version": 1,
  "_score": null,
  "_source": {
    "@version": "1",
    "command": "/WildFlyUser.sh",
    "@timestamp": "2019-04-30T19:02:01.550Z",
    "type": "gelf",
    "message": "\u001b[0m\u001b[0m19:02:01,549 INFO  [stdout] (default task-1) {\"thread\":\"default task-1\",\"level\":\"DEBUG\",\"loggerName\":\"com.corporation.app.configuration.LoggerInterceptor\",\"message\":\"thread=INI\",\"endOfBatch\":false,\"loggerFqcn\":\"org.apache.logging.log4j.spi.AbstractLogger\",\"instant\":{\"epochSecond\":1556650921,\"nanoOfSecond\":548899000},\"contextMap\":{\"path\":\"/appAPI/v2/operation/a661e1c6-01df-4fb6-bf35-0b07fc429f5d\",\"threadId\":\"54419181-ce43-4d06-b9f1-564e5092183d\",\"userIp\":\"127.17.0.1\"},\"threadId\":204,\"threadPriority\":5}\r",
    "created": "2019-04-30T18:54:09.6802872Z",
    "tag": "14cb73fd827b",
    "version": "1.1",
    "source_host": "172.17.0.1",
    "container_id": "14cb73fd827b5d0dc0c9a991131f55b43a302539364bfc2b7fa0cd4431855ebf",
    "image_id": "sha256:6af0623e35cedc362aadd875d2232d113be73fda3b1cb6dcd09b12d41cdadc70",
    "host": "linuxkit-00155d0cba2d",
    "image_name": "corporation/appapi:2.1",
    "container_name": "appapi",
    "level": 6
  },
  "fields": {
    "created": [
      "2019-04-30T18:54:09.680Z"
    ],
    "@timestamp": [
      "2019-04-30T19:02:01.550Z"
    ]
  },
  "sort": [
    1556650921550
  ]
}

This is the JSON in "message"; I want to include all of its fields:

{
    "thread": "default task-1",
    "level": "DEBUG",
    "loggerName": "com.corporation.app.configuration.LoggerInterceptor",
    "message": "thread=INI",
    "endOfBatch": false,
    "loggerFqcn": "org.apache.logging.log4j.spi.AbstractLogger",
    "instant": {
        "epochSecond": 1556650921,
        "nanoOfSecond": 548899000
    },
    "contextMap": {
        "path": "/appAPI/v2/operation/a661e1c6-01df-4fb6-bf35-0b07fc429f5d",
        "threadId": "54419181-ce43-4d06-b9f1-564e5092183d",
        "userIp": "127.17.0.1"
    },
    "threadId": 204,
    "threadPriority": 5
}

Thanks
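
One way to do the extraction asked about above, as an added example that is not part of the original post: a Logstash filter that captures the JSON embedded in the console line and parses it into its own sub-object. The field names `log4j_json` and `log4j` and both tag names are assumptions chosen for illustration, and the pattern assumes each event carries the JSON on a single line, as in the sample shown.

```logstash
filter {
  # The GELF "message" starts with a console prefix (ANSI colour codes, the
  # time, "INFO  [stdout] (default task-1)") before the log4j2 JSON begins.
  # Capture only the span from the first "{" to the last "}"; the trailing
  # carriage return falls outside the capture.
  grok {
    match          => { "message" => "(?<log4j_json>\{.*\})" }
    tag_on_failure => ["_no_embedded_json"]        # hypothetical tag name
  }

  if "_no_embedded_json" not in [tags] {
    # Parse under [log4j] instead of the event root. The embedded JSON has its
    # own "message" and "level" keys; without a target they would overwrite
    # the GELF "message" and the GELF "level" (the integer 6 in the sample).
    json {
      source         => "log4j_json"
      target         => "log4j"                    # hypothetical field name
      tag_on_failure => ["_embedded_json_invalid"] # hypothetical tag name
    }

    # Remove the intermediate string once it has been parsed.
    mutate {
      remove_field => ["log4j_json"]
    }
  }
}
```

With this filter the nested values are addressed as `log4j.contextMap.userIp`, `log4j.contextMap.threadId` and so on in Kibana, and events that carry no JSON or carry malformed JSON keep their original "message" and can be found by tag.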
