非HTTP日志的ELK堆栈
[英]ELK stack for non http log
问题描述
I used ELK for nginx log. 
我将ELK用于nginx日志。 It worked awesome. 它很棒。 Is it OK to use ELK for non http log?? 可以将ELK用于非http日志吗? I have a memory log like below 我有如下的内存日志
- 10/24/16 04:10:01 2434 2559 66.81% 10/24/16 04:10:01 2434 2559 66.81%
- 10/24/16 04:11:01 2436 2565 66.97% 16/10/24下午04:11:01 2436 2565 66.97%
- 10/24/16 04:12:01 2437 2566 66.00% 16/10/24下午04:12:01 2437 2566 66.00%
I used following match 我使用了以下比赛
grok {
match =>
{ "message" => "%{DATE:TIME} %{NUMBER:FREE} %{NUMBER:TOTALFREE} %{NUMBER:free_percent}%" }
}
date {
match=> ["timestamp", "dd/MM/yyyy HH:mm:ss"]
}
I got error ] stopping pipeline {:id=>"main"}. 我收到错误消息]停止管道{:id =>“ main”}。
I thought that time stamp is problem, so I removed timestamp, but still same issue 我以为时间戳是有问题的,所以我删除了时间戳,但还是一样
1 个解决方案
解决方案1
0 2017-03-14 11:24:51
You forgot a closing curly bracket. 您忘记了右花括号。 Also your grokstring is probably not going to work. 另外,您的grokstring可能无法正常工作。 And your datestring is wrong, because the date is in US format. 您的日期字符串有误,因为日期采用美国格式。
grok {
match => { "message" => "%{DATESTAMP:TIME} %{NUMBER:FREE} %{NUMBER:TOTALFREE} %{NUMBER:free_percent}%" }
}
date {
match=> ["timestamp", "MM/dd/yyyy HH:mm:ss"]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.