
Logstash filter using grok

I am new to the ELK stack. Currently I have the following logs:

Transaction1 start
component test1 5s
component test2 10s
component test3 15s
Transaction1 ended with total time 30s
Transaction2 start
component test4 15s
component test5 20s
component test6 15s
Transaction2 ended with total time 50s

I want to index the individual components along with their time, and the Transactionid along with the mentioned total time.
e.g. for Transaction1 the individual components are test1, test2 and test3. Using GROK will divide the logs into tokens. But how can the aggregation based on transactionid be achieved? How can this be achieved using logstash? Thanks

Unless you can rewrite the logs as has been suggested, you should check out the multiline input codec, which will allow you to combine the lines into one message for logstash. You would then be able to grok across that line to extract what you want.
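A pipeline sketch of the approach the answer describes, added here as an illustration and not part of the original answer. The multiline codec joins each transaction's lines into one event, grok extracts the id and total time, and, because grok cannot capture a repeated group into an array, a small ruby filter collects the component lines. The log path and the field names transaction_id, total_time and components are assumptions, not taken from the question or answer.

```logstash
# Added example, not from the original answer. Path and field names are assumptions.
input {
  file {
    path => "/var/log/app/transactions.log"   # placeholder path, adjust to your file
    start_position => "beginning"
    codec => multiline {
      # A line beginning "TransactionN start" opens a new event; every line
      # that does NOT match (negate => true) is appended to the previous event,
      # so one event holds a whole transaction from "start" to "ended".
      pattern => "^Transaction\d+ start"
      negate  => true
      what    => "previous"
      # Flush the last transaction even if no further "start" line arrives.
      auto_flush_interval => 5
    }
  }
}

filter {
  # Pull the transaction id and the reported total time out of the joined message.
  grok {
    match => {
      "message" => [
        "^%{WORD:transaction_id} start",
        "ended with total time %{INT:total_time:int}s"
      ]
    }
    # Try both patterns instead of stopping after the first one matches.
    break_on_match => false
  }

  # grok has no repeated-group capture, so collect the
  # "component <name> <N>s" lines with a ruby filter instead.
  ruby {
    code => '
      components = event.get("message").scan(/^component (\S+) (\d+)s/).map do |name, secs|
        { "name" => name, "time" => secs.to_i }
      end
      event.set("components", components)
    '
  }
}

output {
  stdout { codec => rubydebug }
}
```

Fed the sample log from the question, this yields one event per transaction, e.g. transaction_id "Transaction1", total_time 30 and components [{name: test1, time: 5}, {name: test2, time: 10}, {name: test3, time: 15}]. Note that the codec only closes an event when the next "start" line arrives (or auto_flush_interval elapses), so the "ended" line itself does not terminate the event; if the file ever contains a transaction with no "ended" line, the event is still emitted, just without total_time, which is worth checking for in the pipeline downstream.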
