Ana Sayfa Keşfet Yardım
Giriş Yap
apache
/
ambari
şunun yansıması https://gitee.com/freeshow_me/ambari
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: 3d62b00470
Dallar Biçim İmleri
ambari
/
ambari-logsearch
/
docker
/
test-config
/
logfeeder
/
shipper-conf
/
input.config-hdfs.json

input.config-hdfs.json 3.2 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. {
    2. 

  2.   "input": [
    3. 

  3.     {
    4. 

  4.       "type": "hdfs_audit",
    5. 

  5.       "rowtype": "audit",
    6. 

  6.       "is_enabled": "true",
    7. 

  7.       "add_fields": {
    8. 

  8.         "logType": "HDFSAudit",
    9. 

  9.         "enforcer": "hadoop-acl",
    10. 

  10.         "repoType": "1",
    11. 

  11.         "repo": "hdfs"
    12. 

  12.       },
    13. 

  13.       "path": "/root/test-logs/hdfs-audit/hdfs-audit.log"
    14. 

  14.     }
    15. 

  15.   ],
    16. 

  16.   "filter": [
    17. 

  17.     {
    18. 

  18.       "filter":"grok",
    19. 

  19.       "conditions":{
    20. 

  20.         "fields":{
    21. 

  21.           "type":[
    22. 

  22.             "hdfs_audit"
    23. 

  23.           ]
    24. 

  24. 

  25.         }
    26. 

  26. 

  27.       },
    28. 

  28.       "log4j_format":"%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n",
    29. 

  29.       "multiline_pattern":"^(%{TIMESTAMP_ISO8601:evtTime})",
    30. 

  30.       "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:evtTime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}:%{SPACE}%{GREEDYDATA:log_message}",
    31. 

  31.       "post_map_values":{
    32. 

  32.         "evtTime":{
    33. 

  33.           "map_date":{
    34. 

  34.             "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
    35. 

  35.           }
    36. 

  36. 

  37.         }
    38. 

  38. 

  39.       }
    40. 

  40. 

  41.     },
    42. 

  42.     {
    43. 

  43.       "filter":"keyvalue",
    44. 

  44.       "sort_order":1,
    45. 

  45.       "conditions":{
    46. 

  46.         "fields":{
    47. 

  47.           "type":[
    48. 

  48.             "hdfs_audit"
    49. 

  49.           ]
    50. 

  50. 

  51.         }
    52. 

  52. 

  53.       },
    54. 

  54.       "source_field":"log_message",
    55. 

  55.       "value_split":"=",
    56. 

  56.       "field_split":"\t",
    57. 

  57.       "post_map_values":{
    58. 

  58.         "src":{
    59. 

  59.           "map_fieldname":{
    60. 

  60.             "new_fieldname":"resource"
    61. 

  61.           }
    62. 

  62. 

  63.         },
    64. 

  64.         "ip":{
    65. 

  65.           "map_fieldname":{
    66. 

  66.             "new_fieldname":"cliIP"
    67. 

  67.           }
    68. 

  68. 

  69.         },
    70. 

  70.         "allowed":[
    71. 

  71.           {
    72. 

  72.             "map_fieldvalue":{
    73. 

  73.               "pre_value":"true",
    74. 

  74.               "post_value":"1"
    75. 

  75.             }
    76. 

  76. 

  77.           },
    78. 

  78.           {
    79. 

  79.             "map_fieldvalue":{
    80. 

  80.               "pre_value":"false",
    81. 

  81.               "post_value":"0"
    82. 

  82.             }
    83. 

  83. 

  84.           },
    85. 

  85.           {
    86. 

  86.             "map_fieldname":{
    87. 

  87.               "new_fieldname":"result"
    88. 

  88.             }
    89. 

  89. 

  90.           }
    91. 

  91. 

  92.         ],
    93. 

  93.         "cmd":{
    94. 

  94.           "map_fieldname":{
    95. 

  95.             "new_fieldname":"action"
    96. 

  96.           }
    97. 

  97. 

  98.         },
    99. 

  99.         "proto":{
    100. 

  100.           "map_fieldname":{
    101. 

  101.             "new_fieldname":"cliType"
    102. 

  102.           }
    103. 

  103. 

  104.         },
    105. 

  105.         "callerContext":{
    106. 

  106.           "map_fieldname":{
    107. 

  107.             "new_fieldname":"req_caller_id"
    108. 

  108.           }
    109. 

  109. 

  110.         }
    111. 

  111. 

  112.       }
    113. 

  113. 

  114.     },
    115. 

  115.     {
    116. 

  116.       "filter":"grok",
    117. 

  117.       "sort_order":2,
    118. 

  118.       "source_field":"ugi",
    119. 

  119.       "remove_source_field":"false",
    120. 

  120.       "conditions":{
    121. 

  121.         "fields":{
    122. 

  122.           "type":[
    123. 

  123.             "hdfs_audit"
    124. 

  124.           ]
    125. 

  125. 

  126.         }
    127. 

  127. 

  128.       },
    129. 

  129.       "message_pattern":"%{USERNAME:p_user}.+auth:%{USERNAME:p_authType}.+via %{USERNAME:k_user}.+auth:%{USERNAME:k_authType}|%{USERNAME:user}.+auth:%{USERNAME:authType}|%{USERNAME:x_user}",
    130. 

  130.       "post_map_values":{
    131. 

  131.         "user":{
    132. 

  132.           "map_fieldname":{
    133. 

  133.             "new_fieldname":"reqUser"
    134. 

  134.           }
    135. 

  135. 

  136.         },
    137. 

  137.         "x_user":{
    138. 

  138.           "map_fieldname":{
    139. 

  139.             "new_fieldname":"reqUser"
    140. 

  140.           }
    141. 

  141. 

  142.         },
    143. 

  143.         "p_user":{
    144. 

  144.           "map_fieldname":{
    145. 

  145.             "new_fieldname":"reqUser"
    146. 

  146.           }
    147. 

  147. 

  148.         },
    149. 

  149.         "k_user":{
    150. 

  150.           "map_fieldname":{
    151. 

  151.             "new_fieldname":"proxyUsers"
    152. 

  152.           }
    153. 

  153. 

  154.         },
    155. 

  155.         "p_authType":{
    156. 

  156.           "map_fieldname":{
    157. 

  157.             "new_fieldname":"authType"
    158. 

  158.           }
    159. 

  159. 

  160.         },
    161. 

  161.         "k_authType":{
    162. 

  162.           "map_fieldname":{
    163. 

  163.             "new_fieldname":"proxyAuthType"
    164. 

  164.           }
    165. 

  165. 

  166.         }
    167. 

  167. 

  168.       }
    169. 

  169. 

  170.     }
    171. 

  171.   ]
    172. 

  172. }
    173.