Filter

Choose the appropriate plugin to filter or modify the specified data.

Plugins list

  • dissect
  • drop
  • grok
  • geoip
  • mutate
  • useragent

dissect

dissect {
    mapping => {
        'message' => '[%{time_iso8601}] %{remote_addr}:%{remote_port}'
    }
}

geoip

geoip {
    source => "remote_addr"
    add_tag => ["geoip"]
}

useragent

useragent {
    source => "http_user_agent"
    target => "machine"
}
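
The three snippets above chained into one filter block, as an added example that is not part of the original file. The log line format, the extended dissect mapping that also captures `http_user_agent`, and the `geoip` target field name are assumptions made for illustration.

```logstash
filter {
    # Assumed (constructed) input line:
    #   [2024-05-01T12:00:00+00:00] 203.0.113.7:51544 Mozilla/5.0 (X11; Linux x86_64)
    # The last field takes the rest of the line, so the user agent may contain spaces.
    # An IPv6 remote_addr contains ':' and will not split correctly with this mapping.
    dissect {
        mapping => {
            'message' => '[%{time_iso8601}] %{remote_addr}:%{remote_port} %{http_user_agent}'
        }
    }

    # dissect tags events it cannot split with _dissectfailure.
    # Dropping them keeps malformed lines out of the index; a pipeline that
    # must retain every line can route on this tag in the output stage instead.
    if "_dissectfailure" in [tags] {
        drop { }
    } else {
        # dissect produces strings; store the port as a number so range
        # queries work on it.
        mutate {
            convert => { "remote_port" => "integer" }
        }

        # add_tag is applied only when the lookup succeeds. Addresses that are
        # not in the database (for example private ranges) are tagged
        # _geoip_lookup_failure instead.
        geoip {
            source => "remote_addr"
            target => "geoip"
            add_tag => ["geoip"]
        }

        # Parsed browser, OS and device fields are written under [machine].
        useragent {
            source => "http_user_agent"
            target => "machine"
        }
    }
}
```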

References

Official filter plugins

ELKstack Chinese Guide - Filter plugins