grok模式到自定义logstash配置
[英]grok pattern to custom logstash config
问题描述
^(?:%{LOGLEVEL:level}):\s*%{DATA:message}\s*(?:%{JAVACLASS:caller_class})\s+\[%{WORD:loglevel}\]\s+(\[\s*\S+\s+%{BASE10NUM:tstamp}.*?\]\s+)+(\[\s*\S+\s+%{BASE10NUM:memory}\S*\s+\S+\s+%{BASE10NUM:total}.*?\])
this is my grok pattern from here https://regex101.com/r/yMq9J1/1 
这是我在这里的希腊模式https://regex101.com/r/yMq9J1/1
and now I wanted to use this in my logstash config in filter but I get an error 现在我想在过滤器的logstash配置中使用它,但是出现错误
The given configuration is invalid.
can you guys help me understand the situation here? 你们能帮我了解一下这里的情况吗?
1 个解决方案
解决方案1
0 2016-12-06 13:24:59
The grok pattern is not the problem, the configuration is missing a } to close the match setting of the grok filter. grok模式不是问题,配置缺少}以关闭grok过滤器的匹配设置。
It should be added after %{BASE10NUM:total}.*?])" , like this: 应该将其添加到%{BASE10NUM:total}.*?])" ,如下所示:
...%{BASE10NUM:total}.*?])"
} # missing accolade
}
}
output {
elasticsearch
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.