"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:43:14.948Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.171.246.184",

                    "time" => "11/Sep/2016:14:42:53 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/home.html",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "11601",

            "http_referer" => "-",

         "http_user_agent" => "okhttp/2.6.0",

            "request_time" => 0.001,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ]

    }

}

filter {

    grok {

        match =>[

             "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

             "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"

        ]

    }

        geoip {

                        source => "http_x_forwarded_for"

                        target => "geoip"

                        database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                        convert => [ "request_time", "float"]

                       add_field =>["[geoip][request_time]","%{request_time}"]

                }

}

                 "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:47:02.315Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.252.142.174",

                    "time" => "11/Sep/2016:14:45:24 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/images/about/lss.7dcc3a4c.png",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "5147",

            "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",

         "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",

            "request_time" => 0.0,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

          "request_time" => 0.0

    }

}

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. logstash 通过type判断

    [elk@zjtest7-frontend type]$ cat input.conf input { file { type => "type_a" path => ...

  2. ssh秘钥交换详解与实现 diffie-hellman-group-exchange-sha

    ssh的DH秘钥交换是一套复合几种算法的秘钥交换算法.在RFC4419中称为diffie-hellman-groupX-exchange-shaX 的算法(也有另一种单纯的 rsaX-shaX 交换算 ...

  3. 【POJ2777】Count Color(线段树)

    以下是题目大意: 有水平方向上很多块板子拼成的墙,一开始每一块都被涂成了颜色1,有C和P两个操作,代表的意思是:C X Y Z —— 从X到Y将板子涂成颜色ZP X Y    —— 查询X到Y的板子共 ...

  4. 选择Comparable接口还是Comparator

    个人理解: 如果我本身知道这个类的对象我要用来比较,那么就拿这个类实现Comparable接口(compareTo(Object o) 方法).如果我本身没有预料到我要比较这个类的对象,那么,我可以建 ...

  5. eclipse 添加resources 目录

    java项目需要一些配置,配置放置目录如:/src/main/resources; 如果没有这个文件夹,需要右键项目>new>source folder > Folder name ...

  6. 多路复用I/O select()

    select(),poll(),epoll()的总结:http://www.cnblogs.com/Anker/p/3265058.html 在socket编程中,仅仅使用connect,accept ...

  7. 最流行的android组件大全

    目录 [−] 工具和教程 UI组件 类库 游戏引擎 Android HTML5应用 Android 是目前最流行的移动操作系统(还需要加之一吗?). 随着新版本的不断发布, Android的功能也日益 ...

  8. Solr 安装与集成IK中文分词器

    创建wangchuanfu core 1.  在example目录下创建wangchuanfu-solr文件夹: 2.  将./solr下的solr.xml拷贝到wangchuanfu-solr目录下 ...

  9. python-socket 粘包问题

    解决粘包的问题: 1.服务端在发送数据之前,先把发送数据的长度告诉客户端,要发送多少数据,然后客户端根据这个数据的长度循环接收就OK 传输过程: 服务端:     1.send  #数据长度     ...

  10. bit、byte、位、字节、字符串等概念

    原始文章:http://djt.qq.com/article/view/658 1.古代送信:马车,烽火,信鸽 2.1837年,世界第一条电报诞生, 美国科学家莫尔斯尝试用一些“点”和“划”来表示不同 ...