如何组合字符以在GROK中创建自定义模式
[英]How to combine characters to create custom pattern in GROK
问题描述
I'm new to logstash and grok and have a question regarding a pattern. 
我是logstash和grok的新手,对模式有疑问。
Jul 26 09:46:37
The above content contains %{MONTH} %{MONTHDAY} %{TIME} and white spaces. 以上内容包含%{MONTH} %{MONTHDAY} %{TIME}和空格。
I need to know how to combine all these and create a pattern %{sample_timestamp} 我需要知道如何组合所有这些并创建一个模式%{sample_timestamp}
Thanks! 谢谢!
2 个解决方案
解决方案1
3 已采纳 2016-07-27 14:29:47
Quotes from the Grok Custom Patterns Docs (RTFM): 来自Grok Custom Patterns Docs (RTFM)的引言 :
First, you can use the Oniguruma syntax for named capture which will let you match a piece of text and save it as a field:
(?<field_name>the pattern here)...
Alternately, you can create a custom patterns file.
- Create a directory called patterns with a file in it called extra (the file name doesn't matter, but name it meaningfully for yourself)
- In that file, write the pattern you need as the pattern name, a space, then the regexp for that pattern.
So you could create a pattern file that contained the line: 所以你可以创建一个包含该行的模式文件:
CUST_DATE %{MONTH} %{MONTHDAY} %{TIME}
Then use the patterns_dir setting in this plugin to tell logstash where your custom patterns directory is.
filter {
grok {
patterns_dir => ["./patterns"]
match => { "message" => "%{CUST_DATE:datestamp}" }
}
}
Would result in the field: 会导致该领域:
datestamp => "Jul 26 09:46:37"
解决方案2
0 2019-04-10 17:33:52
Filter 过滤
use pattern_definitions to define your patterns 使用pattern_definitions来定义您的模式
filter {
grok {
pattern_definitions => { "MY_DATE" => "%{MONTH} %{MONTHDAY} %{TIME}" }
match => { "message" => "%{MY_DATE:timestamp}" }
}
}
Result 结果
{
"timestamp": "Jul 26 09:46:37"
}
Tested using Logstash 6.5 使用Logstash 6.5进行测试
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.