- # Logstash pipeline: read an Elasticsearch search slow log, split each line into fields with grok,
- # and write the extra_source field to a CSV file (plus a debug dump on stdout).
- # NOTE(review): the slow log's source[...] / extra_source[...] fields carry the full search request body,
- # so the CSV and the stdout dump hold whatever users searched for; restrict access to both accordingly.
- input {
- file {
- # NOTE(review): this Windows path appears to have lost its separators in the paste; confirm the real path.
- path => "C:elasticsearch-2.4.1sir.log"
- # Read the file from its first line rather than only tailing new entries.
- start_position => "beginning"
- }
- }
- filter {
- grok {
- # One capture per bracketed slow-log field (timestamp, level, logger, node, index, shard, timings, ..., source, extra_source).
- # NOTE(review): the square brackets are unescaped as shown; in a grok/regex pattern a bare [ opens a character class,
- # so literal brackets need \[ and \]. The backslashes may have been stripped by the paste; verify against the original file.
- # NOTE(review): DATA is a non-greedy match, so source[...] presumably stops at the first "]" inside the JSON; check with a sample line.
- match => [ "message", "[%{TIMESTAMP_ISO8601:TIMESTAMP}][%{LOGLEVEL:LEVEL}%{SPACE}][%{DATA:QUERY}]%{SPACE}[%{DATA:QUERY1}]%{SPACE}[%{DATA:INDEX-NAME}][%{DATA:SHARD}]%{SPACE}took[%{DATA:TOOK}],%{SPACE}took_millis[%{DATA:TOOKM}], types[%{DATA:types}], stats[%{DATA:stats}], search_type[%{DATA:search_type}], total_shards[%{NUMBER:total_shards}], source[%{DATA:source_query}], extra_source[%{DATA:extra_source}],"]
- }
- # NOTE(review): this brace closes filter { }, which leaves the mutate block below outside any section
- # and the brace after it unmatched; mutate was presumably meant to sit inside filter.
- }
- mutate {
- gsub => [
- # The next line is the author's open question, not configuration; the pipeline will not load while it is present.
- *i am not sure which line i have to give here*
- ]
- }
- }
- output {
- csv {
- # Only the extra_source field is written to the CSV.
- # NOTE(review): its value comes from the search request, so a cell beginning with = + - or @ may be treated
- # as a formula when the file is opened in a spreadsheet; handle the file as untrusted data.
- fields => ["extra_source"]
- # NOTE(review): path separators look stripped here as well; confirm the intended location.
- path => "C:logstashlogstash-2.4.0binsource.csv"
- }
- # Prints every parsed event, including the full query text, to the console for debugging.
- stdout { codec => rubydebug }
- }
- [2017-02-22 14:29:04,859][TRACE][index.search.slowlog.fetch] [Powderkeg] [picase][1] took[1.3ms], took_millis[1], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"filtered":{"query":{"match":{"independece":"{india} {15} {07} {15}"}},"filter":{"range":{"@timestamp":{"gt":"now-1d"}}}}},"aggs":{"group_by_BatchId":{"terms":{"field":"fields.regular"},"aggs":{"byHours":{"terms":{"script":"doc['created'].date.hourOfDay().getAsText()","order":{"avg_TimeTaken":"asc"}},"aggs":{"avg_TimeTaken":{"avg":{"field":"fields.inra"}}}}}}},"_source":["fields.sara","fields.sierra","mercedes"]}], extra_source[],