Logstash Grok过滤器模式
[英]logstash grok filter pattern
问题描述
This is my log files. 
这是我的日志文件。
Application-log-sample.log
2017-01-03 05:40:49.693 INFO main --- com.getsentry.raven.DefaultRavenFactory : Using an HTTP connection to Sentry.
2017-01-03 05:40:49.935 INFO background-preinit --- org.hibernate.validator.internal.util.Version : HV000001: Hibernate Validator 5.2.4.Final
I am getting confuse for grok pattern. 我对骗子模式感到困惑。 Can you someone please suggest something. 有人可以建议一下吗?
2 个解决方案
解决方案1
1 2017-06-21 09:56:41
a simple pattern could be: 一个简单的模式可能是:
^%{TIMESTAMP_ISO8601:event_time}\s+%{LOGLEVEL:level}\s+%{SYSLOGPROG}\s---\s%{JAVACLASS:class}\s+:\s+%{GREEDYDATA:message}$
use https://grokdebug.herokuapp.com/ to build your pattern and http://grokconstructor.appspot.com/do/match to test it on many lines. 使用https://grokdebug.herokuapp.com/构建您的模式,并使用http://grokconstructor.appspot.com/do/match进行多行测试。
you can also configure grok to check multiple patterns (stops at first matched) and to use your own patterns, see reference . 您还可以配置grok以检查多个模式(首先匹配时停止)并使用自己的模式,请参阅参考资料 。
解决方案2
0 2017-06-21 09:32:17
You can check your grok pattern is working correct or not without running the configuration file by grok debugger. 您可以不通过grok调试器运行配置文件来检查grok模式是否正常工作。 Here is the link for grok debugger, 这是grok调试器的链接,
https://grokdebug.herokuapp.com https://grokdebug.herokuapp.com
Grok discover will help you to achieve the pattern which ever you needed. Grok discover将帮助您实现所需的模式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.