【发布时间】:2016-07-28 09:29:38
【问题描述】:
我正在使用logstash 2.3.4
我收到的 lignes 基本上是 apache 日志,最后分数很小(通过机器学习计算,感谢 Spark)。这是一条线的样子:
hackazon.lc:80 192.168.100.133 - - [28/Jul/2016:11:07:46 +0200] "GET / HTTP/1.1" 200 10442 "http://192.168.100.123/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36" pred:0.0859964494393
如您所见,第一部分是标准的 apache 日志,结尾是 pred:0.0859964494393。
日志由 ELK 处理以进行可视化,我还希望有一些关于分数的指标,称为 pred。因此我使用了metrics 中的timer 选项。这是我的 logstash 配置文件:
input {
file {
path => '/home/spark/LogStash/*'
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG} pred:%{NUMBER:pred_score}"}
}
if "_grokparsefailure" in [tags] {
drop { }
}
mutate {
convert => {"pred_score" => "float"}
}
geoip {
source => "clientip"
}
metrics {
timer => ["pred_score" , "%{duration}"]
}
}
output {
# elasticsearch { }
stdout { codec => rubydebug }
# riemann{
# map_fields => true
# }
}
我希望得到预测分数的平均值、斧头等输出。但是我只有一些 0,除了计数和费率。
这是计时器的输出之一:
{
"@version" => "1",
"@timestamp" => "2016-07-28T09:11:39.522Z",
"message" => "thamine-OptiPlex-755",
"pred_score" => {
"count" => 10,
"rate_1m" => 0.5533102865966679,
"rate_5m" => 1.2937302900528778,
"rate_15m" => 1.490591754983121,
"min" => 0.0,
"max" => 0.0,
"stddev" => 0.0,
"mean" => 0.0,
"p1" => 0.0,
"p5" => 0.0,
"p10" => 0.0,
"p90" => 0.0,
"p95" => 0.0,
"p99" => 0.0,
"p100" => 0.0
}
}
你知道我做错了什么吗?
提前致谢!
【问题讨论】:
标签: timer logstash metrics elastic-stack logstash-configuration