我怎樣才能使用logstash建立索引json文件？

Question

我嘗試使索引我的json文件，如下所示。我必須寫一個grok表達式。但我做不到？你可以幫我嗎？

{"level":"Information","ClientIP":"10.201.21.188","Test":"10.210.21.188"} 
 
{"level":"Information","ClientIP":"10.202.21.187","Test":"10.220.21.188"} 
 
{"level":"Information","ClientIP":"10.203.21.186","Test":"10.230.21.188"} 
 
{"level":"Information","ClientIP":"10.204.21.185","Test":"10.240.21.188"}

我logstash.conf低於：

input { 
 
    file { 
 
    type => "json" 
 
    path => ["C:/logs/test-20170933.json"] 
 
    start_position => "beginning" 
 
    } 
 
} 
 
filter { 
 
    grok { 
 
     match => [ "message","%{WORD:level} I HAVE TO WRITE OTHER ELEMENTS BUT HOW????"] 
 
    } 
 
    json { 
 
      source => "message" 
 
     } 
 
} 
 
output { 
 
\t stdout { 
 
    codec => rubydebug 
 
    } 
 
    elasticsearch { 
 
     hosts => [ "localhost:9200" ] 
 
     index => "logstash-%{+YYYY.MM.dd}" 
 
    } 
 
}

我想，我們需要神交表達才達到這一點。此外，我願意爲此提供新的創意解決方案。

Answer 1

你不需要任何神交，你file輸入僅需要一個JSON編解碼器，你是好去：

input { 
    file { 
    type => "json" 
    path => ["C:/logs/test-20170933.json"] 
    start_position => "beginning" 
    codec => "json"     <-- add this 
    } 
} 
filter { 
} 
output { 
    stdout { 
     codec => rubydebug 
    } 
    elasticsearch { 
     hosts => [ "localhost:9200" ] 
     index => "logstash-%{+YYYY.MM.dd}" 
    } 
}