堆栈内存溢出
  简体   繁体   English

用于自定义日志的Logstash筛选器Grok

[英]Logstash Filter Grok for custom log

 原文  2017-03-21 10:49:54       elasticsearch/ logstash/ kibana

问题描述

I'm using Logstash for the first time and I'm trying to map my logs with a grok filter, putting them on an ElasticSearch and visualizing with Kibana . 我是第一次使用Logstash ,并且尝试使用Logstash过滤器映射日志,将其放入ElasticSearch并使用Kibana可视化。

This is my current situation: 这是我目前的情况:

Filter 过滤 

filter {
  grok {
    match => { "message" => "%{TIMESTAMP:timestamp} | %{WORD:trackingId} | %{WORD:request} | %{WORD:session} | %{IP:client} | 
      %{WORD:userId} | %{GREEDYDATA:message}" }
  }
}

Log 日志记录 

2017-03-21 11:11:54.731 | myApp_35 | myApp_35 | 69E59F4DACC314C0B11B1A8CEA87F9BB | 127.0.0.1 |  | GET on URL [/api/customer] executed with success in [18555 us].

Apparently this is not working. 显然这是行不通的。 What am I doing wrong? 我究竟做错了什么?

1 个解决方案

解决方案1
 1 已采纳  2017-03-21 11:02:06

Try this 尝试这个 

%{TIMESTAMP_ISO8601:timestamp}%{SPACE}\|%{SPACE}%{WORD:trackingId}%{SPACE}\|%{SPACE}%{WORD:request}%{SPACE}\|%{SPACE}%{WORD:session}%{SPACE}\|%{SPACE}%{IP:client}%{SPACE}\|%{SPACE}%{DATA:userId}%{SPACE}\|%{SPACE}%{GREEDYDATA:message}

Based on OPs comment here is another regex with SPACE replaced by \\s* 根据OP的评论,这里是另一个正则表达式,其中SPACE替换为\\ s * 

%{TIMESTAMP_ISO8601:timestamp}\s*\|\s*%{WORD:trackingId}\s*\|\s*%{WORD:request}\s*\|\s*%{WORD:session}\s*\|\s*%{IP:client}\s*\|\s*%{DATA:userId}\s*\|\s*%{GREEDYDATA:message}

I would recommend this site to test your grok regex: https://grokdebug.herokuapp.com/ 我会建议该网站测试您的希腊正则表达式: https ://grokdebug.herokuapp.com/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 自定义GROK过滤器-Logstash-> Elasticsearch - Custom GROK filter - Logstash -> Elasticsearch 通过 grok 过滤器(logstash)解析日志数据 - Parsing log data throught grok filter (logstash) 通过logtash中的grok过滤器在给定的日志结构上解析日志文本 - Paring log text through grok filter in logstash on the given log structure Logstash Grok过滤器模式 - logstash grok filter pattern Logstash grok过滤整数 - Logstash grok filter integer 使用grok的Logstash过滤器 - Logstash filter using grok 用于Logstash的Grok过滤器以匹配日志文件中的特定值 - Grok filter for logstash to match a specific value from a log file logstash / grok自定义文件 - logstash / grok custom fileds Logstash / GROK:解析日志文件时创建自定义变量 - Logstash / GROK: Creating a custom Variable when parsing a log file 自定义日期时间相同,但在grok日期过滤器logstash中不匹配 - Custom date time is same but not matching in grok date filter logstash
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM