Create the Grok parsing pipeline (note that inside the JSON string the regex escapes `\[` and `\]` must be written as `\\[` and `\\]`, otherwise Elasticsearch rejects the request as malformed JSON):

```
PUT _ingest/pipeline/logs_grok
{
  "description": "parse nginx access log",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{IPORHOST:client} - - \\[%{HTTPDATE:time}\\] \"%{WORD:method} %{URIPATHPARAM:uri} HTTP/%{NUMBER:http_version}\" %{NUMBER:status} %{NUMBER:bytes}"
        ]
      }
    },
    {
      "remove": {
        "field": "message"
      }
    }
  ]
}
```

Simulate the parse (the response shows the extracted fields before anything is indexed):

```
POST _ingest/pipeline/logs_grok/_simulate
{
  "docs": [
    {
      "_source": {
        "message": "127.0.0.1 - - [10/Oct/2025:13:55:36 +0000] \"GET /index.html HTTP/1.1\" 200 1234"
      }
    }
  ]
}
```

Index a document through the pipeline:

```
POST logs-access/_doc?pipeline=logs_grok
{
  "message": "127.0.0.1 - - [10/Oct/2025:13:55:36 +0000] \"GET /index.html HTTP/1.1\" 200 1234"
}
```
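As an added example (not part of the original page or of Elasticsearch itself), the following Python reproduces what the grok processor above does to a line, so the result of `_simulate` can be predicted offline and the failure case (a line the pattern does not match, which makes the processor fail the document because the pipeline defines no `on_failure` handler) is visible. The `GROK_EQUIV` regexes are simplified stand-ins for the grok library's built-in definitions and are an assumption.

```python
import json
import re

# Simplified regex equivalents of the grok library's IPORHOST/HTTPDATE/WORD/
# URIPATHPARAM/NUMBER definitions (assumptions, adequate for nginx access lines).
GROK_EQUIV = {
    "IPORHOST": r"(?:\d{1,3}(?:\.\d{1,3}){3}|[A-Za-z0-9.-]+)",
    "HTTPDATE": r"\d{1,2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+",
    "URIPATHPARAM": r"/[^\s\"?]*(?:\?[^\s\"]*)?",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
}

# The pattern from the pipeline above, as grok sees it after JSON decoding.
PATTERN = (r'%{IPORHOST:client} - - \[%{HTTPDATE:time}\] '
           r'"%{WORD:method} %{URIPATHPARAM:uri} HTTP/%{NUMBER:http_version}" '
           r'%{NUMBER:status} %{NUMBER:bytes}')

def compile_grok(pattern: str) -> re.Pattern:
    """Expand each %{SYNTAX:field} token into a named group and anchor the whole line."""
    def repl(m: re.Match) -> str:
        syntax, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK_EQUIV[syntax]})"
    return re.compile("^" + re.sub(r"%\{(\w+):(\w+)\}", repl, pattern) + "$")

def parse_access_line(line: str):
    """Return the fields the grok processor would emit (all strings, since no
    type suffix is used), or None where the processor would fail the document."""
    m = compile_grok(PATTERN).match(line)
    return m.groupdict() if m else None

def grok_processor_json(pattern: str) -> str:
    """Serialise the processor body; json.dumps doubles the backslashes in \[ and \]
    so the request is valid JSON (a bare \[ is an invalid JSON escape)."""
    return json.dumps({"grok": {"field": "message", "patterns": [pattern]}})

# Constructed sample input: the page's line plus a truncated line the pattern rejects.
GOOD = '127.0.0.1 - - [10/Oct/2025:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1234'
BAD = '127.0.0.1 - - [10/Oct/2025:13:55:36 +0000] "GET /index.html HTTP/1.1" 200'

if __name__ == "__main__":
    print(parse_access_line(GOOD))
    print(parse_access_line(BAD))
    print(grok_processor_json(PATTERN))
```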
