Logstash - 通过自定义 grok 模式解析可选日志
[英]Logstash - Parsing Optional Logs through Custom grok pattern
问题描述
Following is my log patterns
以下是我的日志模式
Sample 1 :
2022-06-14 02:03:22.051 INFO [ServiceName,TraceId,SpanID] 109171 --- [Thread] ClassName : A=ValueA B=ValueB C=ValueC
Sample 2:
2022-06-14 02:03:22.051 INFO [ServiceName,TraceId,SpanID] 109171 --- [Thread] ClassName : D=ValueD B=ValueB C=ValueC
Sample 3:
2022-06-14 02:03:22.051 INFO [ServiceName,TraceId,SpanID] 109171 --- [Thread] ClassName : D=ValueD E=ValueE C=ValueC F=ValueF
Sample 4:
INFO [ServiceName,TraceId,SpanID] 109171 --- [Thread] ClassName : Some Log Message
Following is the grok pattern I tried以下是我尝试过的 grok 模式
Custom Patterns: AA=.*ABB=.*B and similar自定义模式:AA=.*ABB=.*B 和类似
For Example following log pattern :例如以下日志模式:
%{TIMESTAMP_ISO8601:timestamp}?%{SPACE}*%{LOGLEVEL:log-level}%{SPACE}*\[%{DATA:service},%{DATA:ZTraceId},%{DATA:ZSpanId}\]%{SPACE}*%{NUMBER:ProcessId}%{GREEDYDATA:message}%{A:Afield}
Above log works in Sample1 but not 2,3 &4以上日志适用于 Sample1 但不适用于 2,3 &4
%{TIMESTAMP_ISO8601:timestamp} ? %{TIMESTAMP_ISO8601:timestamp} ? ---- Optional way works in all samples ---- 可选方式适用于所有样品
At the same time, %{A:Afield} ?同时, %{A:Afield} ? Doesnt work in Sample 1,2,3,4....In Sample Afield is not identified在样本 1、2、3、4 中不起作用......在样本 Afield 中未识别
Can anyone please provide a solution for optional custom grok pattern谁能为可选的自定义 grok 模式提供解决方案
1 个解决方案
解决方案1
0 2022-06-16 04:46:32
你可以试试这个 grok 模式,这可能会有所帮助
%{TIMESTAMP_ISO8601:timestamp}?%{SPACE}*%{DATA:log-level}?%{SPACE}*\[%{DATA:service}\,%{DATA:ZTraceId}\,%{DATA:ZSpanId}\] %{NUMBER:ProcessId} --- \[%{DATA:buglevel}\] %{DATA:class}: %{GREEDYDATA:message} %{GREEDYDATA:message} %{GREEDYDATA:message}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.