没有模式文件的Grok logstash消息
[英]Grok logstash message without patterns file
问题描述
I would like to know if it's possible to grok message with logstash without using an external patterns file and directly write my pattern in my config: 
我想知道是否可以在不使用外部模式文件的情况下使用logstash过滤消息,然后直接在配置中写入我的模式:
For example, now it's works like this : 例如,现在它的工作方式如下:
input {
stdin{
}
}
filter {
grok {
patterns_dir => "./patterns"
match => ["message","%{PATTERNFILE:test}"]
}
}
output {
stdout {codec => rubydebug}
}
I have a file in a patterns folder with the following content : 我在patterns文件夹中有一个文件,内容如下:
PATTERNFILE .*
But I would like to directly write my pattern in the filter like this : 但是我想像这样直接在过滤器中写入模式:
filter {
grok {
patterns_dir => "./patterns"
match => ["message","%{.*:test}"]
}
}
But it's not working. 但这不起作用。
3 个解决方案
解决方案1
8 2014-07-16 09:41:33
To directly write a pattern in the config file without having an exernal patterns file, the solution is: 要在没有外部模式文件的情况下直接在配置文件中写入模式,解决方案是:
filter {grok{ match => ["message", "(?<test>.*)"]}}
The method is described at http://logstash.net/docs/1.4.2/filters/grok in section "Custom patterns" 在http://logstash.net/docs/1.4.2/filters/grok的“自定义模式”部分中介绍了该方法
解决方案2
1 2015-12-02 09:29:55
For using patterns_dir you should use full path /etc/logstash/conf.d/patterns/dns_domain for example: 要使用patterns_dir ,应使用完整路径/etc/logstash/conf.d/patterns/dns_domain ,例如:
grok {
patterns_dir => "/etc/logstash/conf.d/patterns/dns_domain"
match => { "Unparsed DNS Domain" => "%{BRACKETS:b1}%{META_INF:m1}" }
}
Where dns_domain file contains custom patterns. 其中dns_domain文件包含自定义模式。 for example: 例如:
BRACKETS \(\d+\)
META_INF [0-9A-Za-z\s\-_]+
~
~
解决方案3
0 2015-12-22 11:47:38
匹配=> {“消息” =>“%{PATTERNFILE}”}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.