Парсинг логов в Logstash с помощью grok

С такой конфигурацией:

# Debug pipeline: read raw lines from stdin, split each line as CSV, print the parsed event.
input { stdin { } }

filter {
  # No options are set, so the csv filter runs on its defaults; the resulting
  # event carries auto-generated field names (column1..column22 for this log line).
  # NOTE(review): some columns appear to hold the sender, recipient and subject of
  # the scanned e-mail, i.e. text chosen by whoever sent the message. Treat those
  # values as untrusted in anything that consumes the event, and consider naming
  # the fields explicitly with the `columns` option once the layout is confirmed.
  csv {
  }
}

output {
  # rubydebug pretty-prints the whole event, including the raw "message" with
  # addresses and subject lines; suited to interactive debugging on stdout.
  stdout { codec => rubydebug }
}

если заменить и на , в теме сообщения то получается:

{
       "message" => "\"11/01/2018 11:41:36\",\"767\",\"<8F753F80AA7E5221FDF8B1086CD4FC58@domain.ru>\",\"info@domain.ru\",\"ma@domain.ru\",\"\",\"Аудиокниги \"\"Модель для сборки\"\" - Самая полная, качественная коллекция. 09_09_2018 02_10 201694\",\"68870\",\"KAS_STATUS_SPAM\",\"\",\"\",\"01.11.2018 11:36:25\",\"01.11.2018 11:41:36\",\"SmtpAntispam\",\"AntispamScanner\",\"Block\",\"Email\",\"01.11.2018 11:28:00\",\"\",\"Shikari rule\",\"\",\"External\"",
          "host" => "bumblebee",
       "column8" => "68870",
      "column19" => "",
      "column15" => "AntispamScanner",
       "column7" => "Аудиокниги \"Модель для сборки\" - Самая полная, качественная коллекция. 09_09_2018 02_10 201694",
      "column21" => "",
      "@version" => "1",
      "column18" => "01.11.2018 11:28:00",
      "column14" => "SmtpAntispam",
      "column16" => "Block",
       "column6" => "",
      "column12" => "01.11.2018 11:36:25",
      "column20" => "Shikari rule",
       "column2" => "767",
       "column3" => "<8F753F80AA7E5221FDF8B1086CD4FC58@domain.ru>",
      "column10" => "",
       "column5" => "ma@domain.ru",
       "column9" => "KAS_STATUS_SPAM",
      "column11" => "",
       "column4" => "info@domain.ru",
      "column13" => "01.11.2018 11:41:36",
       "column1" => "11/01/2018 11:41:36",
      "column22" => "External",
      "column17" => "Email",
    "@timestamp" => 2018-11-02T13:57:47.154Z
}