logstash: how to convert a UNIX_MS timestamp to Beijing time? - V2EX
wildcat007 · 2016-12-23 · via Logstash

The log content is as follows:
{"id":"549","msg-type":"activity","date":"1482372059180","thread-id":"628913","query-id":"16363060","user":"uuuser","priv_user":"uuuser","ip":"10.7.32.64","cmd":"show_create_table","query":"SHOW CREATE TABLE `uc_logindata`"}

I am setting up ELK and want to change date to Beijing time, but I don't know how to write the filter.

The current filter format is as follows:
input {
  file {
    type => "mysql-audit"
    path => ["/opt/audit_logs/mysql-audit/*"]
  }
}

filter {
  json {
    source => "message"
    target => "json"
  }
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["172.19.11.32:9200"]
  }
}

The resulting output is as follows:
{
    "path" => "/opt/audit_logs/mysql-audit/test.json",
    "@timestamp" => 2016-12-23T03:05:49.752Z,
    "@version" => "1",
    "host" => "0.0.0.0",
    "json" => {
        "date" => "1482372059180",
        "query-id" => "16363060",
        "msg-type" => "activity",
        "ip" => "10.7.32.64",
        "query" => "SHOW CREATE TABLE `uc_logindata`",
        "priv_user" => "uuuser",
        "id" => "7",
        "cmd" => "show_create_table",
        "user" => "uuuser",
        "thread-id" => "628913"
    },
    "message" => "{\"id\":\"7\",\"msg-type\":\"activity\",\"date\":\"1482372059180\",\"thread-id\":\"628913\",\"query-id\":\"16363060\",\"user\":\"uuuser\",\"priv_user\":\"uuuser\",\"ip\":\"10.7.32.64\",\"cmd\":\"show_create_table\",\"query\":\"SHOW CREATE TABLE `uc_logindata`\"}",
    "type" => "mysql-audit",
    "tags" => []
}
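
One way to write the filter asked about above, as an added example that is not part of the original post. It assumes Logstash 5.x or later (for the `event.get`/`event.set` API in the ruby filter), and the field name `date_cst` is hypothetical.

```logstash
filter {
  json {
    source => "message"
    target => "json"
  }

  # Only touch events where the audit record parsed and carries a date,
  # so a malformed line is not silently stamped with the 1970 epoch.
  if [json][date] {
    # "date" is epoch milliseconds as a string. UNIX_MS parses it and
    # writes the result to @timestamp, so the event is indexed at the time
    # MySQL recorded the query rather than the time Logstash read the file.
    # On a parse failure the date filter tags the event _dateparsefailure.
    date {
      match  => ["[json][date]", "UNIX_MS"]
      target => "@timestamp"
    }

    # @timestamp is always stored in UTC; Kibana converts it to the
    # browser's time zone on display. If a stored Beijing-time string is
    # needed as well, derive a separate field and leave @timestamp alone.
    # Beijing time is a fixed UTC+8 offset with no daylight saving.
    ruby {
      code => "
        ms = event.get('[json][date]').to_i
        t  = Time.at(ms / 1000, (ms % 1000) * 1000).localtime('+08:00')
        event.set('[json][date_cst]', t.strftime('%Y-%m-%d %H:%M:%S.%L +08:00'))
      "
    }
  }
}
```

Keeping `@timestamp` in UTC and adding the local-time string as a separate field keeps audit events from hosts in different time zones on one comparable timeline.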