0
我正在嘗試使用logstash完成一項簡單任務:我需要對日誌文件中的日誌級別進行計數。我試圖使用度量過濾器。Logstash計數輸出
換做我的測試,我用一個簡單的文件是這樣的:
INFO
WARN
INFO
WARN
INFO
WARN
INFO
而且我用這個的conf文件:
input {
stdin { type => "api" }
}
filter {
grok {
match => [ "message", "%{LOGLEVEL:loglevel}" ]
}
if [loglevel] == "WARN" {
metrics {
meter => "warn"
add_tag => "metric"
}
}
}
output {
if "metric" in [tags] {
stdout {
codec => line {
format => "warn count: %{[warn][count]}"
}
}
}
}
的警告計數是準確的,我得到這樣的輸出:
io/console not supported; tty will not be manipulated
Settings: Default pipeline workers: 8
Logstash startup completed
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
Logstash shutdown completed
任何人都可以解釋我爲什麼總是有9行輸出?我怎麼做才能得到一條線?