对windows日志的格式化。
{"@timestamp":"%{TIMESTAMP_ISO8601:log_time}","@metadata":{"beat":"%{DATA:log_beat_type}","type":"%{DATA:log_doc_type}","version":"%{DATA:log_beat_version}","topic":"%{DATA:log_topic}"},"thread_id":%{NUMBER:log_thread_id},"level":"%{DATA:log_level}","type":"%{DATA:log_type}","source_name":"%{DATA:log_sourcename}","keywords":%{DATA:log_keywords},"beat":{"name":"%{DATA:log_computer_name}","hostname":"%{DATA:log_hostname}","version":"%{DATA:log_winlogbeat_version}"},"computer_name":"%{DATA:log_fqdn}","process_id":%{NUMBER:log_process_id},"event_id":%{NUMBER:log_event_id},"record_number":"%{DATA:log_record_number}","message":"%{GREEDYDATA:log_message}","tags":\["%{IP:log_tags}"\],"task":"%{DATA:log_task}","event_data":%{GREEDYDATA:log_event_data}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
