我想使用logstash通过下面的配置通过tcp解析gelf日志。我的消息流是空字节分隔的,从不包含 \n。不幸的是,即使在设置中设置了 config.support_escapes: true 之后,logstash 也不接受 \0 作为分隔符。该选项仅适用于更常见的 \n、\r、\t 等。
有谁知道一种可以从这些gelf消息中生成logstash事件的方法?
logstash -e 'input { tcp { port => 7777
codec => json_lines
{ delimiter => "\0" }
} }
output { stdout{ } }'
消息由 docker gelf 日志驱动程序生成,如下所示:
{"version":"1.1","host":"herm-VirtualBox","short_message":"{ counter: 1 } ","timestamp":1515490442.825,"level":6,"_command":"bin/sh -c COUNTER=1;while true; do printf \"{ counter: $COUNTER } \\n\"; COUNTER=$((COUNTER+1)); sleep 1; done","_container_id":"4aa5b8bd52381b005ad9c5d07db8bd71358a16510f16ef9e0f1887b25ac3040b","_container_name":"inspiring_booth","_created":"2018-01-09T09:34:02.506691976Z","_image_id":"sha256:00fd29ccc6f167fa991580690a00e844664cb2381c74cd14d539e36ca014f043","_image_name":"ubuntu","_tag":"4aa5b8bd5238"}
它们总是以 {"version":