https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html
修改
vim /etc/logstash/logstash.yml
pipeline.ecs_compatibility: disabled
不關閉的話,會自動新增這幾個欄位
可能會與json中的同名欄位衝突
{
"@version" => "1",
"user_agent" => {
"original" => "curl/7.64.1"
},
"http" => {
"method" => "PUT",
"request" => {
"mime_type" => "application/x-www-form-urlencoded",
"body" => {
"bytes" => "5"
}
},
"version" => "HTTP/1.1"
},
"url" => {
"port" => "8080",
"domain" => "snmp1",
"path" => "/twitter/tweet/1"
},
"@timestamp" => 2021-05-28T23:32:38.222Z,
"host" => {
"ip" => "127.0.0.1"
},
"message" => "hello",
}
會有類似的報錯
JSON parse error, original data now in message field {:message=>"Could not set field 'domain' on object 'https://www.example.com/.gif' to value 'localhost'.This is probably due to trying to set a field like [foo][bar] = someValuewhen [foo] is not either a map or a string", :