如果文件的所有日志都在一行中,该如何转发日志?
[英]How to forward the logs if all the logs of a file is in single line?
问题描述
I am facing some trouble to forward the logs from rsyslog to logstash i wrote this grok filter but it is not working.maybe the problem is that, server is writing the all logs in a single line. 
我在将日志从rsyslog转发到logstash时遇到了一些麻烦,我写了这个grok过滤器,但是它不起作用。也许是因为问题,服务器将所有日志写在一行中。
(?<AUDIt_LOG>[(0-9A-U]{0,4})(?<DATE>[0-9A-F]{8})%{INT:Log_Code}(?<Type>[a-zA-Z]{0,5})%{NOTSPACE:ServiceName} %{SPACE} %{NOTSPACE:Host} %{SPACE} %{WORD:Bank}&&%{WORD:BANK2}%{SPACE} %{WORD:USERNAME}
please follow this link for sample log. 请点击此链接获取示例日志。 https://drive.google.com/open?id=0Bx8yrs4bWFFjTFlpTkJhTl9SMHM https://drive.google.com/open?id=0Bx8yrs4bWFFjTFlpTkJhTl9SMHM
1 个解决方案
解决方案1
0 已采纳 2017-05-21 09:34:50
You should have each log per line for sure. 您应该确保每行都有每个日志。 Also you could use the Grok debugger to make sure that logs get parsed properly. 您也可以使用Grok调试器来确保正确解析日志。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.