Removing a substring from logs using a grok pattern in Logstash

Time: 2017-11-06 07:26:19

Tags: elasticsearch logstash logstash-grok

My log file content looks like this:

{
  "_index": "logstash-2017.11.06",
  "_type": "kafka-jmx",
  "_id": "AV-QGz3xU0bFuxdeGGWp",
  "_version": 1,
  "_score": null,
  "_source": {
    "metric_value_number": 1,
    "path": "/Users/nishantsingh/JMX_CONFS/",
    "@timestamp": "2017-11-06T06:53:44.937Z",
    "@version": "1",
    "host": "localhost",
    "metric_path": "localhost_9999.KafkaActiveControllerCount.Value",
    "type": "kafka-jmx"
  },
  "fields": {
    "@timestamp": [
      1509951224937
    ]
  },
  "sort": [
    1509951224937
  ]
}

I am trying to write a grok pattern similar to this:

filter {
  grok {
    # grok takes its field-to-pattern mapping through the match option
    match => {
      "metric_path" => "%{GREEDYDATA}\.%{JAVAMETHOD:metrictype}\.%{JAVACLASS:metricname}"
    }
  }
}

I need to actually get rid of the localhost_9999 substring.

0 answers:

No answers
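
An added example, not part of the original question: a complete Logstash pipeline that parses `metric_path` with an anchored grok match and rewrites the field without the `localhost_9999` prefix, tagging events that do not parse instead of passing them through unchanged. The field name `jmx_endpoint`, the tag `_metric_path_unparsed`, the file name and the stdin/stdout plumbing are assumptions made for illustration.

```logstash
# Added example. Run with: bin/logstash -f strip_prefix.conf
# then paste this constructed sample event on stdin:
# {"metric_path":"localhost_9999.KafkaActiveControllerCount.Value","metric_value_number":1}
input {
  stdin { codec => json }
}

filter {
  grok {
    # Anchored on both ends so the whole value must fit the expected shape.
    # DATA is non-greedy: it captures the host_port prefix and stops at the
    # first dot from which the remaining two parts can still match.
    match => {
      "metric_path" => "^%{DATA:jmx_endpoint}\.%{JAVAMETHOD:metrictype}\.%{JAVACLASS:metricname}$"
    }
    # Assumed tag name; lets unparsed events be routed or alerted on.
    tag_on_failure => ["_metric_path_unparsed"]
  }

  if "_metric_path_unparsed" not in [tags] {
    mutate {
      # Rebuild metric_path from the captured parts, without the prefix,
      # then drop the temporary prefix field.
      replace      => { "metric_path" => "%{metrictype}.%{metricname}" }
      remove_field => ["jmx_endpoint"]
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

For the sample event this yields `metric_path` set to `KafkaActiveControllerCount.Value`, with `metrictype` and `metricname` available as separate fields.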