I have JSON in the Kibana UI that contains the following information, among other details:
host.name abcd
message 2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw
CLIENT_ID=MNOPQR xysbxs
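I only want to filter on the CLIENT_ID=MNOPQR part as the search result in Kibana. Basically, I want to get all the client_id names on host abcd. Is it possible to get this data?
Best answer
You need to filter on host.name = 'abcd'.
Then, using the pipeline processor, you can extract the client ID as shown below: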
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "parse multiple patterns",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [ "CLIENT_ID=%{NOTSPACE:client_value}" ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs"
      }
    }
  ]
}
And the result is
{
  "docs" : [
    {
      "doc" : {
        "_index" : "_index",
        "_type" : "_doc",
        "_id" : "_id",
        "_source" : {
          "message" : "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs",
          "client_value" : "MNOPQR"
        },
        "_ingest" : {
          "timestamp" : "2020-07-29T18:25:29.07763Z"
        }
      }
    }
  ]
}
Regarding elasticsearch - filtering the message body in Elasticsearch using Kibana, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/63152207/