在Logstash Grok过滤器中从消息中获取可选字段
[英]Getting optional field out of message in logstash grok filter
问题描述
I´m trying to extract the number of ms in this logline 
我正在尝试提取此日志行中的毫秒数
20190726160424 [INFO] [concurrent/forasdfMES-managedThreadFactory-Thread-10] - Metricsdceptor: ## End of call: Historirrtory.getHistrrOrder took 2979 ms
The problem is, that not all loglines contain that string Now I want to extract it optionally into a duration field. 问题是,并非所有日志行都包含该字符串。现在,我想有选择地将其提取到持续时间字段中。 I tried this, but nothing happend .... no error, but also no result. 我试过了,但是什么也没发生..没有错误,也没有结果。
grok
{
match => ["message", "(took (?<duration>[\d]+) ms)?"]
}
What I´m I doing wrong ? 我做错了什么?
Thanks guys ! 多谢你们 !
2 个解决方案
解决方案1
0 2019-07-26 20:15:23
我无法解释原因,但是如果您锚定它会起作用
grok { match => { "message" => "(took (?<duration>\d+) ms)?$" } }
解决方案2
0 已采纳 2019-07-29 15:36:06
A solution would be to only apply the grok filter on the log lines ending with ms. 一种解决方案是仅将grok过滤器应用于以ms结尾的日志行。 It can be done using conditionals in your configuration. 可以使用配置中的条件来完成。
if [message] =~ /took \d+ ms$/ {
grok {
match => ["message", "took %{NUMBER:duration} ms"]
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.