"message" => " 10.171.246.184 [11/Sep/2016:14:42:53 +0800] \"GET /wechat/home.html?useragent=android_h5_zjcap&apiver=2 HTTP/1.1\" - 200 11601 \"-\" \"okhttp/2.6.0\" 0.001 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:43:14.948Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend01-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.171.246.184",

                    "time" => "11/Sep/2016:14:42:53 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/home.html",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "11601",

            "http_referer" => "-",

         "http_user_agent" => "okhttp/2.6.0",

            "request_time" => 0.001,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ]

    }

}

filter {

    grok {

        match =>[

             "message","%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}\?.* HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

             "message" , "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"

        ]

    }

        geoip {

                        source => "http_x_forwarded_for"

                        target => "geoip"

                        database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                        convert => [ "request_time", "float"]

                       add_field =>["[geoip][request_time]","%{request_time}"]

                }

}

                 "message" => " 10.252.142.174 [11/Sep/2016:14:45:24 +0800] \"GET /wechat/images/about/lss.7dcc3a4c.png HTTP/1.1\" - 200 5147 \"https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap\" \"Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap\" 0.000 182.239.100.236",

                "@version" => "1",

              "@timestamp" => "2016-09-11T06:47:02.315Z",

                    "path" => "/data01/applog_backup/zjzc_log/zj-frontend02-access.2016-09-11",

                    "host" => "dr-mysql01.zjcap.com",

                    "type" => "zj_frontend_access",

                "clientip" => "10.252.142.174",

                    "time" => "11/Sep/2016:14:45:24 +0800",

                    "verb" => "GET",

                 "request" => "/wechat/images/about/lss.7dcc3a4c.png",

             "httpversion" => "1.1",

        "http_status_code" => "200",

                   "bytes" => "5147",

            "http_referer" => "https://www.zjcap.cn/wechat/safe.html?useragent=android_h5_zjcap",

         "http_user_agent" => "Mozilla/5.0 (Linux; Android 6.0; HUAWEI NXT-L29 Build/HUAWEINXT-L29; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.98 Mobile Safari/537.36 android_h5_zjcap",

            "request_time" => 0.0,

    "http_x_forwarded_for" => "182.239.100.236",

                   "geoip" => {

                    "ip" => "182.239.100.236",

         "country_code2" => "HK",

         "country_code3" => "HKG",

          "country_name" => "Hong Kong",

        "continent_code" => "AS",

           "region_name" => "00",

             "city_name" => "Kwai Chung",

              "latitude" => 22.349999999999994,

             "longitude" => 114.13330000000002,

              "timezone" => "Asia/Hong_Kong",

              "location" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

           "coordinates" => [

            [0] 114.13330000000002,

            [1] 22.349999999999994

        ],

          "request_time" => 0.0

    }

}

给 geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]

geoip 添加一列,add_field =>["[geoip][request_time]","%{request_time}"]的更多相关文章

  1. 给numpy矩阵添加一列

    问题的定义: 首先我们有一个数据是一个mn的numpy矩阵现在我们希望能够进行给他加上一列变成一个m(n+1)的矩阵 import numpy as np a = np.array([[1,2,3], ...

  2. GridView 动态添加绑定列和模板列

    动态添加绑定列很简单:例如: GridView1.DataSourceID = "SqlDataSource1"; BoundField bf1 = new BoundField( ...

  3. DataGridView中添加CheckBox列用于选择行

    DataGridView中添加CheckBox列用于选择行 1,编辑DataGridView,添加一列 CheckBox ,Name 赋值为 "select",如下图: 2,取消 ...

  4. ASP.NET 为GridView添加序号列,且支持分页连续累计显示

    为GridView添加序号列,且支持分页连续累计显示,废话不多说,直接上代码: <%@ Page Language="C#" AutoEventWireup="tr ...

  5. mysql修改表名,列名,列类型,添加表列,删除表列

    alter table test rename test1; --修改表名 ); --添加表列 alter table test drop column name; --删除表列 ) --修改表列类型 ...

  6. Mysql下在某一列后即表的某一位置添加新列的sql语句

    Mysql简介 MySQL是一个开放源码的小型关联式数据库管理系统,开发者为瑞典MySQL AB公司.MySQL被广泛地应用在Internet上的中小型网站中.由于其体积小.速度快.总体拥有成本低,尤 ...

  7. GridControl控件添加按钮列及在按钮Click事件中得到行数据 zt

    在GridControl中添加按钮列的步骤如下: 1. 把列的ColumnEdit属性设置为RepositoryItemButtonEdit 2. 把TextEditStyle属性设置为HideTex ...

  8. [Ext JS 4] 实战之Grid, Tree Gird 添加按钮列

    引言 贴一个grid 的例子先: 有这样一个需求: 1. 给 Grid(or Tree Grid)添加一列, 这一列显示是Button. 点击之后可以对这一行进行一些操作 2. 这一列每一行对应的按钮 ...

  9. ASP.NET repeater添加序号列的方法

    ASP.NET repeater添加序号列的方法 1.<itemtemplate> <tr><td> <%# Container.ItemIndex + 1% ...

随机推荐

  1. BZOJ2212: [Poi2011]Tree Rotations

    2212: [Poi2011]Tree Rotations Time Limit: 20 Sec  Memory Limit: 259 MBSubmit: 391  Solved: 127[Submi ...

  2. 揭开枚举类的面纱(Unlocking the Enumeration/enum Mystery)

    枚举给用户定义固定数据组提供了方便.枚举类就是一系列常量整型值,这也就意味着枚举类型不能被修改. 这里我们将要讨论C语言中枚举类型的用法和限制. 枚举通过枚举关键值定义,类似结构体定义 语法(Synt ...

  3. Raid1源代码分析--初始化流程

    初始化流程代码量比较少,也比较简单.主要是run函数.(我阅读的代码的linux内核版本是2.6.32.61) 四.初始化流程分析 run函数顾名思义,很简单这就是在RAID1开始运行时调用,进行一些 ...

  4. Java 下各种设计模式小结

    策略模式--定义算法族,分别封装起来,让它们之间能够互相替换,此模式让算法的变化独立于使用算法的客户.     策略模式是说,针对一种计算,定义一系列的算法,由用户决定详细使用哪一个算法完毕计算. 比 ...

  5. .net中将DataTable导出到word、Excel、txt、htm的方法

    dt:DataTable strFile:fileName strExt:type private void GridExport(DataTable dt, string strFile, stri ...

  6. Citrix 服务器虚拟化之十 Xenserver高可用性HA

    Citrix 服务器虚拟化之十 Xenserver高可用性HA HA是一套全自动功能设计,规划.它可以安全地恢复出现问题的XenServe 主机.例如物理破坏网络或主机的硬件故障,HA可确保无需任何人 ...

  7. CSS样式之背景、文本

    一.背景     1.背景颜色用background-color属性,例如:body{background-color:red}     2.用图像做背景用background-image属性,例如b ...

  8. Java------------运算符优先级速记口诀

    单目乘加位关系,逻辑三目后赋值. 单目:单目运算符+ –(负数) ++ -- 等 乘加(乘除加减):算数单目运算符* / % + - 位:位移单目运算符<< >> 关系:关系单 ...

  9. React-nwb的使用

    一.查看nwb的版本 nwb -v 二.创建一个react项目 nwb new react-app react-demo 三.启动项目 nwb serve

  10. JDBC 异常特殊原因 (数据库只读解决办法)

    JDBC 异常特殊原因   有时候并不是因为程序写的有问题  ,是因为  数据库只读 在sqlserver2005中附加数据库时,附加的数据库会变成只读的,只能进行查询操作. 解决方法: 1 打开Sq ...