我在不同的时间在nginx的响应字段中得到响应..响应不固定。它多次处于嵌套类型
有时它会像
{"resp":{x22codex22:200,x22messagex22:x22successx22},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}
有时相同的 Field1 可能不同 - 您能建议在这里做什么吗
{"resp":{x22codex22:200,x22messagex22:x22successx22,x22totalPagesx22:3,x22datax22:[{x22itemsx22:[{somedata | :{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}},{:{}{}]}},"field2":"IP","field3":0.006,"field4":"06758e99be484fca56fb","field5":200,"field6":"-","date":"Wednesday, 24-Feb-2016 10:10:12 GMT","method":"POST","field7":"somevaibale","scheme":"http","field8":"-","bytes":68, "field9":"Variable","timestamp":"2016-02-24 10:10:12.000"}
那么在 logstash 中可以做什么 - 当我尝试使用 grok 模式解析 resp 中的嵌套字段时。Grok 解析失败失败,如果我尝试使用 json 过滤器,它会失败,因为嵌套部分不适合。.请让我知道
我发现对于任何自定义格式,您可以使用现有格式 -下面的网站在解析时很有帮助
https://grokdebug.herokuapp.com/patterns#
并使用下面的模式和源代码进行解析
https://grokdebug.herokuapp.com/
快乐解析..