[英]logstash - split a message by newlines
logstash日志存储
trying to split a message by newlines ( "\n"
) with no success so far.尝试通过换行符(
"\n"
)拆分消息,但到目前为止没有成功。 I need to retrieve the last line only.我只需要检索最后一行。
Logstash code:日志存储代码:
mutate{
split => ["traceback", "\n"]
add_field => {"traceback_last_line" => "%{[traceback][-1]}"}
}
Input:输入:
[traceback] =
"File "<doctest...>", line 10, in <module>
lumberjack()
File "<doctest...>", line 4, in lumberjack
bright_side_of_death()
IndexError: tuple index out of range"
I Used gsub
to replace '\n'
and then, the usual sequence of mutate.split我用
gsub
替换'\n'
然后,通常的 mutate.split 序列
mutate {
copy => { "traceback" => "traceback_tmp" }
}
mutate {
gsub => ["traceback_tmp", "\n", "::"]
}
mutate {
split => {"traceback_tmp" => "::"}
add_field => ["traceback_summary", "%{[traceback_tmp][-1]}"]
remove_field => ["traceback_tmp"]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.