
grok pattern to parse the logs in logstash

I'm trying to parse various logs from grok, but it's too difficult, so I'm asking for your help.

I want to analyze url and mapping information in the log, but it doesn't work well because of other logs.

I tried this way but I don't think it was properly parsed.

"\[%{TIMESTAMP_ISO8601:logtime}\]\[%{DATA:thead_id}\]\[%{DATA:level}\]\[%{DATA:method}\]%{SPACE}%{WORD:http}/%{WORD:https}%{SPACE}%{WORD:request}%{SPACE}:%{SPACE}%{WORD:aop}.RequestInfoModel\(url\=%{WORD:url}%{GREEDYDATA:param}"

Please help.

Log example:

[21-03-17 08:23:57][scheduled-task-1][DEBUG][c.f.a.b.CleanExpiredAccessInfo.cleanExpiredAccessInfo()] [batch] Clear expired accessInfoStore : store_size=0 (CleanExpiredAccessInfo.java:23)

[21-03-16 00:11:49][http-nio-0.0.0.0-8080-exec-10][INFO ][c.f.a.c.a.GuardianAOP.onAroundHandler()] HTTP/HTTPS Request : GuardianAOP.RequestInfoModel(url=/api/v3/me/extra/key, mapping=GET, parameter=AccessToken(userKey=test@mail.com, clientKey=da3ac9db59dfa32002e7fae6849d06, userType=User, accessibleClient={1daec78593214e6b53ce9803ded5916=Manager, da3ac9db59dfa32002e7fae6849d06=User})) (GuardianAOP.java:57)

[21-03-11 16:54:11][http-nio-18080-exec-8][ERROR][c.f.c.biz.v3.UserBiz.getValidMemberInfoVo()] BizException : [rt_code:9999] not found user (UserBiz.java:228)

[21-03-16 00:11:49][http-nio-0.0.0.0-8080-exec-10][INFO ][c.f.a.c.a.GuardianAOP.onAroundHandler()] HTTP/HTTPS Request : GuardianAOP.RequestInfoModel(url=/api/v3/me/extra/key, mapping=GET, parameter=AccessToken(userKey=test@mail.com, clientKey=da3ac9db59dfa32002e7fae6849d06, userType=User, accessibleClient={1daec78593214e6b53ce9803ded5916=Manager, da3ac9db59dfa32002e7fae6849d06=User})) (GuardianAOP.java:57)

For the above mentioned log,

\[%{TIMESTAMP_ISO8601:logtime}\]\[%{DATA:thread_id}\]\[%{WORD:level}( )\]\[%{DATA:method}\]%{SPACE}%{WORD:HTTP}/%{WORD:HTTPS}%{SPACE}%{WORD:Request}%{SPACE}:%{SPACE}%{WORD:aop}.RequestInfoModel\(%{GREEDYDATA:api_info}\)%{SPACE}\(%{DATA:file_name}:%{NUMBER:line_number}\)

This works perfectly. If you want to split the api_info into more parts, that's up to you and as per your requirements.

Please use this for more debugging.

Now, the other two log samples that you have provided are different. Either you have to write an extremely generic pattern, or you can write multiple patterns and match with either.

Have a look at the accepted answer on this question. It explains it quite neatly.
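The "multiple patterns" approach from the answer, as an added example that is not part of the original posts: a small Python harness that expands a grok-style pattern list into regexes and tries them in order against the three sample lines, pulling `url` and `mapping` into their own fields. The primitive definitions in `GROK` are simplified stand-ins for the stock grok patterns, and the field names `mapping`, `parameter` and `log_message` are assumptions. The value after `url=` starts with `/`, which the stock `WORD` pattern (`\b\w+\b`) cannot match, so `url` is captured with a custom group instead.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: sufficient for
# these sample lines; Logstash itself uses Oniguruma and fuller patterns).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{2,4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "WORD": r"\b\w+\b",
    "INT": r"[+-]?\d+",
    "SPACE": r"\s*",
}

def grok_to_regex(pattern):
    """Expand %{NAME:field} into a named group and %{NAME} into a plain group."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK[name]})" if field else f"(?:{GROK[name]})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

HEAD = r"^\[%{TIMESTAMP_ISO8601:logtime}\]\[%{DATA:thread_id}\]\[%{WORD:level}%{SPACE}\]\[%{DATA:method}\]%{SPACE}"
TAIL = r" \(%{DATA:file_name}:%{INT:line_number}\)$"
# Ordered most specific first; the generic pattern is the fallback.
PATTERNS = [
    ("request", HEAD + r"HTTP/HTTPS Request : %{WORD:aop}\.RequestInfoModel\(url=(?P<url>[^,\s]+), mapping=%{WORD:mapping}, parameter=%{GREEDYDATA:parameter}\)" + TAIL),
    ("generic", HEAD + r"%{GREEDYDATA:log_message}" + TAIL),
]
COMPILED = [(tag, grok_to_regex(p)) for tag, p in PATTERNS]

def parse(line):
    """Return the fields of the first pattern that matches, like grok's first-match-wins."""
    for tag, rx in COMPILED:
        m = rx.match(line)
        if m:
            return {"pattern": tag, **m.groupdict()}
    return {"pattern": None, "tags": ["_grokparsefailure"]}

# The three sample lines from the question.
SAMPLES = [
    "[21-03-17 08:23:57][scheduled-task-1][DEBUG][c.f.a.b.CleanExpiredAccessInfo.cleanExpiredAccessInfo()] [batch] Clear expired accessInfoStore : store_size=0 (CleanExpiredAccessInfo.java:23)",
    "[21-03-16 00:11:49][http-nio-0.0.0.0-8080-exec-10][INFO ][c.f.a.c.a.GuardianAOP.onAroundHandler()] HTTP/HTTPS Request : GuardianAOP.RequestInfoModel(url=/api/v3/me/extra/key, mapping=GET, parameter=AccessToken(userKey=test@mail.com, clientKey=da3ac9db59dfa32002e7fae6849d06, userType=User, accessibleClient={1daec78593214e6b53ce9803ded5916=Manager, da3ac9db59dfa32002e7fae6849d06=User})) (GuardianAOP.java:57)",
    "[21-03-11 16:54:11][http-nio-18080-exec-8][ERROR][c.f.c.biz.v3.UserBiz.getValidMemberInfoVo()] BizException : [rt_code:9999] not found user (UserBiz.java:228)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```

In Logstash the same ordering is expressed by giving the grok filter's `match` an array of patterns for the field, where the first pattern that matches wins. Keeping `parameter` in its own field also makes it easy to drop or mask before indexing, since it carries the `userKey` and `clientKey` values.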
