"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:43:14.948Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.171.246.184",

                    "time" => "11/Sep/2016:14:42:53 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/home.html",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "11601",

            "http_referer" => "-",

         "http_user_agent" => "okhttp/2.6.0",

            "request_time" => 0.001,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ]

    }

}

filter {

    grok {

        match =>[

             "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

             "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"

        ]

    }

        geoip {

                        source => "http_x_forwarded_for"

                        target => "geoip"

                        database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                        convert => [ "request_time", "float"]

                       add_field =>["[geoip][request_time]","%{request_time}"]

                }

}

                 "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:47:02.315Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.252.142.174",

                    "time" => "11/Sep/2016:14:45:24 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/images/about/lss.7dcc3a4c.png",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "5147",

            "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",

         "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",

            "request_time" => 0.0,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

          "request_time" => 0.0

    }

}

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. jQuery手机触屏左右滑动切换焦点图特效代码

    原文地址:http://www.17sucai.com/pins/4857.html 演示地址:http://www.17sucai.com/pins/demoshow/4857 干净演示地址:htt ...

  2. Decorator学习笔记

    初学者,自己的理解,请各位前辈不吝指正! Decorator,装饰模式,设计模式之一,谈谈我的理解,装饰这个词在我概念中就是给某个事物加上一些美丽的外表,把它变得更加完美.但是装饰是可以随时改变的,可 ...

  3. 专访OPPO李紫贵:ColorOS用户过千万 软硬融合生态版图初现

    专访OPPO李紫贵:ColorOS用户过千万 软硬融合生态版图初现 专访OPPO李紫贵:ColorOS用户过千万 软硬融合生态版图初现

  4. TableView 校检表

    这俩天学习了tableView 校检表 主要就是通过一个方法来跟踪当前选中的行.下面将声明一个NSIndexPath 的属性来跟踪最后选中的行.这篇文章希望能给那些初学者带来学习的乐趣.不说了直接上代 ...

  5. c语言函数定义、函数声明、函数调用以及extern跨文件的变量引用

    1.如果没有定义,只有声明和调用:编译时会报连接错误.undefined reference to `func_in_a'2.如果没有声明,只有定义和调用:编译时一般会报警告,极少数情况下不会报警告. ...

  6. inline-block及解决空白间距

    參考:http://www.jb51.net/css/76707.html http://www.webhek.com/remove-whitespace-inline-block/ inline-b ...

  7. hdu 2853

    虚拟赛一开始lyf就对我说这是一道匹配的题目,我一看明显裸的最优匹配,敲完提交wrong, 题目要求改变尽量少的公司,就是如果遇到相等的权值,优先选择跟他原来匹配的,KM匹配是按序号大小来的,如果一个 ...

  8. Java学习笔记——IO操作之对象序列化及反序列化

    对象序列化的概念 对象序列化使得一个程序可以把一个完整的对象写到一个字节流里面:其逆过程则是从一个字节流里面读出一个事先存储在里面的完整的对象,称为对象的反序列化. 将一个对象保存到永久存储设备上称为 ...

  9. springmvc4+hibernate4分页查询功能

    Springmvc+hibernate成为现在很多人用的框架整合,最近自己也在学习摸索,由于我们在开发项目中很多项目都用到列表分页功能,在此参考网上一些资料,以springmvc4+hibnerate ...

  10. Struts2上传文件

    jsp: <form action="file_upload.action" method="post" enctype="multipart/ ...