堆栈内存溢出
  简体   繁体   English

如何为logstash编写自定义grok

[英]How to write custom grok for logstash

 原文  2019-01-11 07:29:02       logstash/ logstash-grok

问题描述

I'm trying to test the some custom log filter for logstash but somehow i'm not able to get it, I googled and looked over many examples but I am not able to create a one I want. 我正在尝试测试一些自定义日志过滤器的logstash,但是以某种方式我无法获取它,我用google搜索并查看了许多示例,但无法创建我想要的示例。

Below is my log patterns: 以下是我的日志模式: 

testhost-in2,19/01/11,06:34,04-mins,arnav,arnav 2427 0.1 0.0 58980 580 ? S 06:30 0:00 rm -rf /test/ehf/users/arnav-090119-184844,/dv/ehf/users/arnav-090119-
testhost-in2,19/01/11,06:40,09-mins,arnav,arnav 2427 0.1 0.0 58980 580 ? S 06:30 0:00 rm -rf /dv/ehf/users/arnav-090119-184844,/dv/ehf/users/arnav-090119-\
testhost-in2,19/01/11,06:45,14-mins,arnav,arnav 2427 0.1 0.0 58980 580 ? S 06:30 0:01 rm -rf /dv/ehf/users/arnav-090119-184844,/dv/ehf/users/arnav-090119-\

below is what I trying to create but does not works. 以下是我尝试创建的但不起作用的内容。 

HOSTNAME:hostname  DATE:date HOURS_Time:hour_min  USERNAME: username USERNAME:username  NUMBER:pid   COMMAND

any help Will be much appreciated. 任何帮助都感激不尽。

Tried: 尝试过: 

%{HOSTANME}%{TIMESTAMP_ISO8601:RecordedDateTimeStamp} %{USERNAME:User} %{USERNAME:User} %{NUMBER:PID} %{FLOAT:mem} %{FLOAT:res}  %{NUMBER:PID} %{NUMBER:PID} %{GREEDYDATA}

AND 

%{HOSTANME}%{TIMESTAMP_ISO8601}%{HOUR}%{MINUTE}%{NUMBER}%{WORD}%{USER}%{USER}%{NUMBER: pid}%{NUMBER:float}%{NUMBER:float}%{NUMBER}%{NUMBER}%{GREEDYDATA}

1 个解决方案

解决方案1
 2 已采纳  2019-01-12 15:49:32

Great start! 伟大的开始! Here is a grok pattern that should work better: 这是一个应该更好用的grok模式: 

%{HOSTNAME:hostname},%{DATE:date},%{HOUR:hour1}:%{MINUTE:minute1},%{NUMBER}-%{WORD},%{USER:user},%{USER:user2} %{NUMBER:pid} %{NUMBER:float} %{NUMBER:float} %{NUMBER:number1} %{NUMBER:number2} %{DATA} %{HOUR:hour2}:%{MINUTE:minute2} %{HOUR:hour3}:%{MINUTE:minute3} %{GREEDYDATA:command},%{PATH:path}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Logstash中编写grok模式 - How to write grok pattern in logstash 如何使用自定义Logstash grok模式? - How to use custom Logstash grok patterns? logstash / grok自定义文件 - logstash / grok custom fileds 如何编写自定义的grok模式? - How to write a custom grok pattern? 如何用logstash修改此输入? - How to grok this input with logstash? 如何在Logstash中编写grok过滤器以接受变量参数 - How to write grok filter in logstash to accept variable arguments 在Logstash中创建自定义grok模式 - Creating a custom grok pattern in Logstash grok模式到自定义logstash配置 - grok pattern to custom logstash config Logstash Grok过滤器自定义日期 - Logstash grok filter custom date 使用带有Logstash的grok的自定义指标 - Custom metrics using grok with logstash
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM