geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]
"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",
"@version" => "1",
"@timestamp" => "2016-09-11T06:43:14.948Z",
"path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_frontend_access",
"clientip" => "10.171.246.184",
"time" => "11/Sep/2016:14:42:53 +0800",
"verb" => "GET",
"request" => "/wechat/home.html",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "11601",
"http_referer" => "-",
"http_user_agent" => "okhttp/2.6.0",
"request_time" => 0.001,
"http_x_forwarded_for" => "182.239.100.236",
"geoip" => {
"ip" => "182.239.100.236",
"country_code2" => "HK",
"country_code3" => "HKG",
"country_name" => "Hong Kong",
"continent_code" => "AS",
"region_name" => "00",
"city_name" => "Kwai Chung",
"latitude" => 22.349999999999994,
"longitude" => 114.13330000000002,
"timezone" => "Asia/Hong_Kong",
"location" => [
[0] 114.13330000000002,
[1] 22.349999999999994
],
"coordinates" => [
[0] 114.13330000000002,
[1] 22.349999999999994
]
}
} filter {
grok {
match =>[
"message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",
"message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)" ]
}
geoip {
source => "http_x_forwarded_for"
target => "geoip"
database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
convert => [ "request_time", "float"]
add_field =>["[geoip][request_time]","%{request_time}"]
} } "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",
"@version" => "1",
"@timestamp" => "2016-09-11T06:47:02.315Z",
"path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",
"host" => "dr-mysql01.zjcap.com",
"type" => "zj_frontend_access",
"clientip" => "10.252.142.174",
"time" => "11/Sep/2016:14:45:24 +0800",
"verb" => "GET",
"request" => "/wechat/images/about/lss.7dcc3a4c.png",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "5147",
"http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",
"http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",
"request_time" => 0.0,
"http_x_forwarded_for" => "182.239.100.236",
"geoip" => {
"ip" => "182.239.100.236",
"country_code2" => "HK",
"country_code3" => "HKG",
"country_name" => "Hong Kong",
"continent_code" => "AS",
"region_name" => "00",
"city_name" => "Kwai Chung",
"latitude" => 22.349999999999994,
"longitude" => 114.13330000000002,
"timezone" => "Asia/Hong_Kong",
"location" => [
[0] 114.13330000000002,
[1] 22.349999999999994
],
"coordinates" => [
[0] 114.13330000000002,
[1] 22.349999999999994
],
"request_time" => 0.0
}
} 给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]
geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章
- 给numpy矩阵添加一列
问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...
- GridView 动态添加绑定列和模板列
动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...
- DataGridView中添加CheckBox列用于选择行
DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...
- ASP.NET 为GridView添加序号列,且支持分页连续累计显示
为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...
- mysql修改表名,列名,列类型,添加表列,删除表列
alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...
- Mysql下在某一列后即表的某一位置添加新列的sql语句
Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...
- GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt
在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...
- [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列
引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...
- ASP.NET repeater添加序号列的方法
ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...
随机推荐
- scriptol图像处理算法
神奇的图像处理算法 相似图片搜索是利用数学算法,进行高难度图像处理的一个例子.事实上,图像处理的数学算法,已经发展到令人叹为观止的地步. Scriptol列出了几种神奇的图像处理算法,让我们一起来 ...
- 【转】Service Intent must be explicit的解决方法
原文网址:http://blog.csdn.net/shenzhonglaoxu/article/details/42675287 今天在学习android的Service组件的时候,在Android ...
- TortoiseGit 使用教程
原文地址:http://blog.csdn.net/ethan_xue/article/details/7749639 git的使用越来越广泛 使用命令比较麻烦,下面讲解一下tortoisegit的使 ...
- hdu5045:带权二分图匹配
题目大意 : n个人 做m道题,其中 每连续的n道必须由不同的人做 已知第i人做出第j题的概率为pij,求最大期望 思路:考虑每连续的n道题 都要n个人来做,显然想到了带权的二分图匹配 然后就是套模板 ...
- 关于bootstrap--网格系统
1. 2.偏移列(col-md-offset-*):为了在大屏幕显示器上使用偏移,请使用 .col-md-offset-* 类.这些类会把一个列的左外边距(margin)增加 * 列,其中 * 范围是 ...
- hdu 5685 Problem A
Problem Description 度熊手上有一本字典存储了大量的单词,有一次,他把所有单词组成了一个很长很长的字符串.现在麻烦来了,他忘记了原来的字符串都是什么,神奇的是他竟然记得原来那些字符串 ...
- VC6.0建立控制台程序实现PDA应用
作者:iamlaosong 由于须要,又写起了文本界面的程序,以便PDA通过telnet连上运行. 假设是Linuxserver的话.这是非常easy的事,但是用户server是windows ser ...
- JMeter数据库性能测试
要测试一个服务器的性能,客户要求向数据库内 1000/s(每插入一千条数据)的处理能力 前提条件:一个数据库:test 数据库下面有一张表:user 表中有两个字段:username.pass ...
- Android ActionBar详解(三):ActionBar实现切换Tabs标签
实现切换Tabs标签; Activity代码: public class ActionBarTabs extends Activity { @Override protected void onCre ...
- Dynamics CRM 常用 JS 方法集合
JS部分 拿到字段的值 var value= Xrm.Page.getAttribute("attributename").getValue(); Xrm.Page.getAttr ...