tag_on_failure => [] # prevent default _grokparsefailure tag on real records

来源：互联网发布：安徽大学人工智能编辑：程序博客网时间：2024/04/30 16:41

[elk@zjtest7-frontend config]$ cat stdin04.conf input {    stdin {    }}filter {  # drop sleep events  grok {    match => { "message" => "SELECT aaa" }    add_tag => [ "sleep_aaa" ]    #tag_on_failure => [] # prevent default _grokparsefailure tag on real records  }  grok {    match => { "message" => "SELECT bbb" }    add_tag => [ "sleep_bbb" ]  }  }output {if "sleep_aaa" in [tags]{ stdout {  codec=>rubydebug{}   }} else if "sleep_bbb" in [tags]{ stdout {  codec=>json   }}}[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf Settings: Default pipeline workers: 1Pipeline main startedSELECT bbb{"message":"SELECT bbb","@version":"1","@timestamp":"2016-09-15T10:33:12.170Z","host":"0.0.0.0","tags":["_grokparsefailure","sleep_bbb"]}此时出现了默认的"tags":["_grokparsefailure","sleep_bbb"]/************************************************************[elk@zjtest7-frontend config]$ cat stdin04.conf input {    stdin {    }}filter {  # drop sleep events  grok {    match => { "message" => "SELECT aaa" }    add_tag => [ "sleep_aaa" ]    tag_on_failure => [] # prevent default _grokparsefailure tag on real records  }  grok {    match => { "message" => "SELECT bbb" }    add_tag => [ "sleep_bbb" ]  }  }output {if "sleep_aaa" in [tags]{ stdout {  codec=>rubydebug{}   }} else if "sleep_bbb" in [tags]{ stdout {  codec=>json   }}}a[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin04.conf Settings: Default pipeline workers: 1Pipeline main startedSELECT bbb{"message":"SELECT bbb","@version":"1","@timestamp":"2016-09-15T10:34:39.194Z","host":"0.0.0.0","tags":["sleep_bbb"]}

0 0