Filtering the message body in ElasticSearch using Kibana

w8f9ii69  posted on 2022-12-09  in  Kibana

I have JSON in the Kibana UI that contains the following information, along with other details:

host.name       abcd

 message        2020-07-29 03:59:19,393 -0700 INFO  [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw 
                CLIENT_ID=MNOPQR xysbxs

I only want to filter on the CLIENT_ID=MNOPQR part as a search result in Kibana. Basically, I want to get all the client_id names on host abcd.
Is it possible to get that data?

n7taea2i

You need to filter on host.name = 'abcd'.
Then, using a pipeline processor, you can extract the client ID as shown below:

POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "parse multiple patterns",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [ "CLIENT_ID=%{NOTSPACE:client_value}" ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs"
      }
    }
  ]
}


And the result is:

{
  "docs" : [
    {
      "doc" : {
        "_index" : "_index",
        "_type" : "_doc",
        "_id" : "_id",
        "_source" : {
          "message" : "2020-07-29 03:59:19,393 -0700 INFO [http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs",
          "client_value" : "MNOPQR"
        },
        "_ingest" : {
          "timestamp" : "2020-07-29T18:25:29.07763Z"
        }
      }
    }
  ]
}

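As an added illustration (not code from the answer above), the following Python reproduces what the grok pattern `CLIENT_ID=%{NOTSPACE:client_value}` does, applied after the host.name filter, over a few constructed documents. It also goes slightly beyond the answer by showing the two cases a practitioner runs into in real logs: lines with no CLIENT_ID at all (grok would fail the document unless `ignore_missing`/`on_failure` is configured) and values followed by punctuation, which NOTSPACE swallows. The flat "host.name" key and the sample messages are assumptions for the example.

```python
import re

# grok's NOTSPACE is \S+ and the grok processor matches anywhere in the field,
# so the pattern "CLIENT_ID=%{NOTSPACE:client_value}" is this unanchored regex.
CLIENT_ID_RE = re.compile(r"CLIENT_ID=(?P<client_value>\S+)")


def extract_client_value(message):
    """Return what grok would store in `client_value`, or None when the
    pattern does not match (a failing grok processor errors the document)."""
    match = CLIENT_ID_RE.search(message)
    return match.group("client_value") if match else None


def client_ids_per_host(docs, host):
    """Step 1 of the answer: keep only documents where host.name == host.
    Step 2: extract CLIENT_ID from each message and return the distinct values."""
    ids = set()
    for doc in docs:
        if doc.get("host.name") != host:
            continue
        value = extract_client_value(doc.get("message", ""))
        if value is not None:
            ids.add(value)
    return sorted(ids)


# Constructed sample documents modelled on the message in the question
# (the "host.name" key is flattened here for simplicity; assumed, not from the page).
SAMPLE_DOCS = [
    {"host.name": "abcd", "message": "2020-07-29 03:59:19,393 -0700 INFO  "
     "[http-nio-8080-exec-2139] abchohfowhofnfnnfnwlnflw CLIENT_ID=MNOPQR xysbxs"},
    {"host.name": "abcd", "message": "2020-07-29 04:01:02,010 -0700 INFO  "
     "[http-nio-8080-exec-17] worker started CLIENT_ID=STUVWX"},
    # NOTSPACE keeps the trailing ';' as part of the value: the caveat to know.
    {"host.name": "abcd", "message": "2020-07-29 04:01:30,500 -0700 INFO  "
     "[http-nio-8080-exec-21] session opened CLIENT_ID=ABC123; user=bob"},
    # No CLIENT_ID on this line: grok would not match, so no client_value.
    {"host.name": "abcd", "message": "2020-07-29 04:02:00,000 -0700 WARN  "
     "[http-nio-8080-exec-3] pool exhausted, no client on this line"},
    {"host.name": "wxyz", "message": "2020-07-29 04:03:00,000 -0700 INFO  "
     "[http-nio-8080-exec-9] CLIENT_ID=OTHER1 xysbxs"},
]

if __name__ == "__main__":
    print(client_ids_per_host(SAMPLE_DOCS, "abcd"))  # ['ABC123;', 'MNOPQR', 'STUVWX']
```

If the trailing punctuation matters, tighten the grok pattern to something like `CLIENT_ID=%{WORD:client_value}` instead of NOTSPACE.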
bfnvny8b


Kibana's query language is based on the Lucene query syntax. You should be able to filter on the host.name field with the exact hostname you want and use a wildcard on message, like this:

host.name: "abcd" AND message: *CLIENT_ID=MNOPQR*
