Log4j - 如何标记 Elastic Search 等日志并按值分组、过滤和可视化它们?
[英]Log4j - how to tokenize logs like Elastic Search and group by values, filter and visualize them?
问题描述
When you know the logging format/pattern, is there a way to visualize/classify/filter logs with certain thread name/client id/... without using Elastic Search?
当您知道日志记录格式/模式时,有没有办法在不使用 Elastic Search 的情况下可视化/分类/过滤具有特定线程名称/客户端 ID/... 的日志? I want to show for example, "this thread has these lines, ordered by timestamp, with these keywords".例如,我想展示“这个线程有这些行,按时间戳排序,带有这些关键字”。 I don't want to manually search by thread names anymore.我不想再按线程名称手动搜索了。
I can manually grep , of course, but I want to visualize them in a better way.当然,我可以手动grep ,但我想以更好的方式将它们可视化。 I can search them if I know the thread names, but I want to show all of the thread names without knowing them previously.如果我知道线程名称,我可以搜索它们,但我想在之前不知道的情况下显示所有线程名称。
Also, ES marks session boundary, but grep does not.此外,ES 标记 session 边界,但 grep 不标记。 You can see that a session/request is different from another, because the session id has changed.您可以看到一个会话/请求与另一个不同,因为 session id 已更改。 A thread can undertake several sessions in a period of time.一个线程可以在一段时间内承担多个会话。
I have only seen that in ES for now.我现在只在 ES 中看到过。 I think it can be called as a log tokenizer and classifier tool, but towards static log files which haven't been fed into ES.我认为它可以被称为日志分词器和分类器工具,但针对 static 尚未输入 ES 的日志文件。
Now, I am trying to do this in Excel: adding ;现在,我正在尝试在 Excel 中执行此操作:添加; between tags, and parse them to columns, and classify/filter.标签之间,并将它们解析为列,然后分类/过滤。 In the screenshot, thread names is filtered to be one.在屏幕截图中,线程名称被过滤为一个。 But I found it very hard to do if logs are too many because separating by space is not good, need to manually add ;但是我发现如果日志太多的话很难做到,因为用空格分隔不好,需要手动添加; or other unique separator.或其他独特的分隔符。
1 个解决方案
解决方案1
0 已采纳 2023-01-09 19:17:49
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.