堆栈内存溢出
  简体   繁体   English

创建自定义 grok 模式

[英]Create a custom grok pattern

 原文  2020-04-21 16:40:02       logstash-grok/ logstash-configuration/ grok/ logstash-filter

问题描述

I was working with logstash to structure the following type of logs:我正在使用 logstash 来构建以下类型的日志:

14 Apr 2020 22:49:02,868 [INFO] 1932a8e0-3892-4bae-81e3-1fc1850dff55-LPmAoB (coral-client-orchestrator-41786) hub_delivery_audit: RequestContext{CONTAINER_ID=200414224842439045902810201AZ, TRACKING_ID=TSTJ8N7GLBS0ZZW, PHYSICAL_ATTRIBUTES=PhysicalAttributes(length=Dimension(value=30.0, unit=CM, type=null), width=Dimension(value=30.0, unit=CM, type=null), height=Dimension(value=30.0, unit=CM, type=null), scaleWeight=Weight(value=5.0, unit=kg, type=null)), SHIP_METHOD=AMZN_US_PRIME, ADDRESS_ID=LDI7ICATBZNOAQNW634MG057BMA07370713J4ZQ1VGOMB7KPXTQ2EIA2OX4CKT7L, CUSTOMER_ID=A07370713J4ZQ1VGOMB7K, REQUEST_STATE=UNKNOWN, RESPONSE=GetAccessPointsForHubDeliveryOutput(destinationLocation=null, fallBackLocation=null, capability=null), IS_COMMERCIAL_ATTRIBUTE_PRESENT=false} 14 Apr 2020 22:49:02,868 [INFO] 1932a8e0-3892-4bae-81e3-1fc1850dff55-LPmAoB (coral-client-orchestrator-41786) hub_delivery_audit: RequestContext{CONTAINER_ID=200414224842439045902810201AZ, TRACKING_ID=TSTJ8N7GLBS0ZZW, PHYSICAL_ATTRIBUTES=PhysicalAttributes(length=Dimension (value=30.0, unit=CM, type=null), width=Dimension(value=30.0, unit=CM, type=null), height=Dimension(value=30.0, unit=CM, type=null), scaleWeight= Weight(value=5.0, unit=kg, type=null)), SHIP_METHOD=AMZN_US_PRIME, ADDRESS_ID=LDI7ICATBZNOAQNW634MG057BMA07370713J4ZQ1VGOMB7KPXTQ2EIA2OX4CKT7L, CUSTOMER_ID=A07370713J4ZQ1VGOMB7K, REQUEST_STATE=UNKNOWN, RESPONSE=GetAccessPointsForHubDeliveryOutput(destinationLocation=null, fallBackLocation=null, capability=null), IS_COMMERCIAL_ATTRIBUTE_PRESENT =假}

and I wanted to extract the following data out of it:我想从中提取以下数据:

CONTAINER_ID CONTAINER_ID

TRACKING_ID跟踪号码

PHYSICAL_ATTRIBUTES物理属性

SHIP_METHOD SHIP_METHOD

ADDRESS_ID ADDRESS_ID

REQUEST_STATE请求状态

RESPONSE回复

But I'm not able to figure out appropriate filter for such large log event.但我无法为如此大的日志事件找出合适的过滤器。 I've tried using https://grokdebug.herokuapp.com/ and went through Logstash grok documentation as well, but still couldn't extract the required fields.我尝试使用https://grokdebug.herokuapp.com/并浏览了 Logstash grok 文档,但仍然无法提取所需的字段。 I could only come up with this:我只能想出这个:

%{MONTHDAY:monthday} %{MONTH:month} %{YEAR:year} %{TIME:time} [%{LOGLEVEL:logLevel}] %{HOSTNAME} %{MONTHDAY:monthday} %{MONTH:month} %{YEAR:year} %{TIME:time} [%{LOGLEVEL:logLevel}] %{HOSTNAME}

Please suggest an approach on this and how to directly filter the following fields without creating extra fields like time and date.请就此提出一种方法以及如何直接过滤以下字段而不创建时间和日期等额外字段。

1 个解决方案

解决方案1
 0 已采纳  2020-04-22 10:55:22

I have tried the following grok pattern我尝试了以下 grok 模式

{CONTAINER_ID=%{DATA:container_id}, TRACKING_ID=%{DATA:tracking_id}, PHYSICAL_ATTRIBUTES=PhysicalAttributes%{DATA:physical_attributes} SHIP_METHOD=%{DATA:ship_method}, ADDRESS_ID=%{DATA:address_id}, CUSTOMER_ID=%{DATA:customer_id}, REQUEST_STATE=%{DATA:request_state}, RESPONSE=%{GREEDYDATA:response}(?=,)

in grok debugger ( https://grokdebug.herokuapp.com/ )在 grok 调试器中( https://grokdebug.herokuapp.com/

Output: Output: 在此处输入图像描述

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为 elasticsearch 中归档的消息创建自定义 grok 模式 - Create custom grok pattern to message filed in elasticsearch 如何组合字符以在GROK中创建自定义模式 - How to combine characters to create custom pattern in GROK 创建自定义 GROK 模式 - Creating a custom GROK pattern 自定义模式 - Grok custom pattern 在Logstash中创建自定义grok模式 - Creating a custom grok pattern in Logstash 如何编写自定义的grok模式? - How to write a custom grok pattern? grok模式到自定义logstash配置 - grok pattern to custom logstash config [serverity]MMDD 的自定义 Grok 模式 - Custom Grok Pattern for [serverity]MMDD 自定义日志行的Grok模式 - Grok pattern for Custom log line 这个自定义日志模式的 Grok 模式是什么? - what will be the Grok pattern for this custom log pattern?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM