How can Logstash convert a UNIX_MS timestamp to Beijing time? - V2EX
wildcat007 · 2016-12-23 · via Logstash

The log content is as follows:
{"id":"549","msg-type":"activity","date":"1482372059180","thread-id":"628913","query-id":"16363060","user":"uuuser","priv_user":"uuuser","ip":"10.7.32.64","cmd":"show_create_table","query":"SHOW CREATE TABLE `uc_logindata`"}

I have set up ELK, but I want to change date to Beijing time and I don't know how to write the filter.

The current filter configuration is as follows:
input {
  file {
    type => "mysql-audit"
    path => ["/opt/audit_logs/mysql-audit/*"]
  }
}

filter {
  json {
    source => "message"
    target => "json"
  }
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["172.19.11.32:9200"]
  }
}

The resulting output is as follows:
{
  "path" => "/opt/audit_logs/mysql-audit/test.json",
  "@timestamp" => 2016-12-23T03:05:49.752Z,
  "@version" => "1",
  "host" => "0.0.0.0",
  "json" => {
    "date" => "1482372059180",
    "query-id" => "16363060",
    "msg-type" => "activity",
    "ip" => "10.7.32.64",
    "query" => "SHOW CREATE TABLE `uc_logindata`",
    "priv_user" => "uuuser",
    "id" => "7",
    "cmd" => "show_create_table",
    "user" => "uuuser",
    "thread-id" => "628913"
  },
  "message" => "{\"id\":\"7\",\"msg-type\":\"activity\",\"date\":\"1482372059180\",\"thread-id\":\"628913\",\"query-id\":\"16363060\",\"user\":\"uuuser\",\"priv_user\":\"uuuser\",\"ip\":\"10.7.32.64\",\"cmd\":\"show_create_table\",\"query\":\"SHOW CREATE TABLE `uc_logindata`\"}",
  "type" => "mysql-audit",
  "tags" => []
}
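
Added example, not part of the original post: one way to write the filter for the log line above, using Logstash's date filter to parse `[json][date]` as `UNIX_MS` into `@timestamp`, so that each audit event is indexed under the time it occurred rather than the ingest time seen in the output above. `@timestamp` is stored in UTC, so the Beijing-time string goes into a separate field. The field name `[json][date_cst]` and the tag `_date_not_epoch_ms` are assumptions chosen for this example, and the `event.get`/`event.set` calls assume Logstash 5 or later.

```logstash
# Added example: filter section only; input and output stay as in the post.
filter {
  json {
    source => "message"
    target => "json"
  }

  # Parse the epoch-millisecond string into @timestamp (the event time).
  # @timestamp is always stored in UTC; Kibana renders it in the browser's
  # time zone, so no +08:00 offset is applied to the stored value.
  date {
    match          => ["[json][date]", "UNIX_MS"]
    target         => "@timestamp"
    # Default tag, written out so unparsable audit records are easy to find.
    tag_on_failure => ["_dateparsefailure"]
  }

  # Optional: keep a human-readable Beijing-time string next to the raw value.
  # "[json][date_cst]" and "_date_not_epoch_ms" are names made up for this example.
  ruby {
    code => "
      raw = event.get('[json][date]').to_s
      ms  = Integer(raw, 10) rescue nil
      if ms.nil?
        # Missing or non-numeric date: tag the event instead of guessing a time.
        event.tag('_date_not_epoch_ms')
      else
        # Integer seconds plus microseconds avoids float rounding of the millis.
        t = Time.at(ms / 1000, (ms % 1000) * 1000).getlocal('+08:00')
        event.set('[json][date_cst]', t.strftime('%Y-%m-%d %H:%M:%S.%L %z'))
      end
    "
  }
}
```

Events tagged `_dateparsefailure` keep the ingest time in `@timestamp`, so they are worth alerting on or excluding when the audit log is used to build a timeline.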