0
我正在尝试使用logstash完成一项简单任务:我需要对日志文件中的日志级别进行计数。我试图使用度量过滤器。Logstash计数输出
换做我的测试,我用一个简单的文件是这样的:
INFO
WARN
INFO
WARN
INFO
WARN
INFO
而且我用这个的conf文件:
input {
stdin { type => "api" }
}
filter {
grok {
match => [ "message", "%{LOGLEVEL:loglevel}" ]
}
if [loglevel] == "WARN" {
metrics {
meter => "warn"
add_tag => "metric"
}
}
}
output {
if "metric" in [tags] {
stdout {
codec => line {
format => "warn count: %{[warn][count]}"
}
}
}
}
的警告计数是准确的,我得到这样的输出:
io/console not supported; tty will not be manipulated
Settings: Default pipeline workers: 8
Logstash startup completed
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
warn count: 3
Logstash shutdown completed
任何人都可以解释我为什么总是有9行输出?我怎么做才能得到一条线?