Logsta sh Filter Http Bad Request error (ELK) - PullRequest
Новая
       180

Logsta sh Filter Http Bad Request error (ELK)

1 голос
/ 07 августа 2020

Ниже приведен код, записанный в логсте sh. Я хочу получить доступ к API через logsta sh в расписании каждые 1 минуту и ​​отправить данные в elasticsearch 

input {
exec {
    command => 'bin/true'
    tags => "myaccount_test"
    schedule => "* * * * *"
    }
  }

filter {
if "myaccount_test" in [tags] {
    ruby { code => "event.set('end', event.get('@timestamp').to_i)" }
    ruby { code => "event.set('start', event.get('@timestamp').to_i - 1917)" }
    http {
  body_format => "json"
  follow_redirects => false
  body => {
    "query" => "SELECT pagename AS ErrorPage, referrer AS GeneratedPage, count(*) AS ErrorTraffic FROM browser_records WHERE appkey = 'AAA-AAB-AUB'"
    "start" => "%{start}"
    "end" => "%{end}"
  }
  url => "http://<domainname>:<port>/events/query?limit=200"
  verb => "POST"
  headers => {
    "X-Events-API-AccountName" => "custxxxxx_xxxxxxxxxxxx"
    "X-Events-API-Key" => "xxxxxxx-xxxxxxx-xxxx"
    "Content-type" => "application/vnd.appd.events+json;v=2"
  }
}
}
}

output {
if "myaccount_test" in [tags] {
 stdout { codec => json_lines }
  }
}

Но я получаю сообщение об ошибке для HTTP-фильтра (неверный запрос при доступе к / событиям / запросу 

<code>[2020-08-07T16:15:00,165][ERROR][logstash.filters.http    ][main][e70ac31237ba1ca2ac387603953776f0cb06c3aecbd113db0915a1404334ad85] error during HTTP request {:url=>"http://<domainname>:<port>/events/query?limit=200", :code=>400, :response=>"<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n<title>Error 400 Bad Request</title>\n</head>\n<body><h2>HTTP ERROR 400</h2>\n<p>Problem accessing /events/query. Reason:\n<pre>    Bad Request
\ n \ n \ n "} {" @timestamp ":" 2020-08-07T12: 15: 00.041Z "," end ": 1596802500," start ": 1596800583," message ":" "," @ version ":" 1 "," command ":" bin / true "," host ":" hostname "," tags ": [" myaccount_test "," _ httprequestfailure " ]}

ниже приведен пример HTTP-запроса, к которому я пытаюсь получить доступ 

POST http://api.example.com/events/query?limit=100 HTTP/1.1
X-Events-API-AccountName:<global_account_name>
X-Events-API-Key:<api_key>
Content-Type: application/vnd.appd.events+json;v=2
Accept: application/vnd.appd.events+json;v=2
[
    {
      "query": "SELECT * FROM county WHERE population>50000",
      "limit": 10,
      "start": "2017-02-23T0:0:0Z",
      "end": "2017-03-1T0:0:0Z"
    },
]

Пожалуйста, помогите

...