stackoom
  简体   繁体   中英

Grok patterns format in logstash

 原文  2018-06-07 06:40:36       logstash/ elastic-stack/ logstash-grok

Question

Mostly my patterns working but after Framework Error in :] part does not see in the logs.

How can print rest of it on logs. I tried at the last in patterns, but still does not work %{GREEDYDATA:restofthem}

My grok Pattern: 

\[%{TIMESTAMP_ISO8601:ServerTimestamp}\|%{WORD:Log4netHostname}\|%{DATA:ProjectName}\|%{DATA:TestName}\|%{DATA:UserName}\|%{DATA:ClientIP}\|%{DATA:ClientMachineName}\|%{LOGLEVEL:LogLevel}\|%{DATA:method}\|%{DATA:message}\|%{GREEDYDATA:Exception}|%{GREEDYDATA:Exception}\]%{GREEDYDATA:restofthem}

My Log: 

[2018-06-05 13:26:57,641|host1|Appname|TTA|KKM|112.310.104.722|Host23|ERROR|Logger.Log4Net|LogError|Framework Error in :]
WebDriverTimeoutException: Timed out after 5 seconds
 at DefaultWait`1.ThrowTimeoutException(String exceptionMessage, Exception lastException)
 at DefaultWait`1.Until[TResult](Func`2 condition)

1 answers

solution1
 0 ACCPTED  2018-06-07 22:24:18

The reason is, there is a new line after :] and You need to match \\n character in order to parse it. There are various different ways to do it, you can match a new line using \\n character like this, 

\[%{TIMESTAMP_ISO8601:ServerTimestamp}\|%{WORD:Log4netHostname}\|%{DATA:ProjectName}\|%{DATA:TestName}\|%{DATA:UserName}\|%{DATA:ClientIP}\|%{DATA:ClientMachineName}\|%{LOGLEVEL:LogLevel}\|%{DATA:method}\|%{DATA:message}\|%{GREEDYDATA:Exception}\n%{GREEDYDATA:2ndLine}\n%{GREEDYDATA:3rdLine}\n%{GREEDYDATA:4thLine}

which will produce, 

  ......

  "Exception": [
    [
      "Framework Error in :]"
    ]
  ],
  "2ndLine": [
    [
      "WebDriverTimeoutException: Timed out after 5 seconds"
    ]
  ],
  "3rdLine": [
    [
      " at DefaultWait`1.ThrowTimeoutException(String exceptionMessage, Exception lastException)"
    ]
  ],
  "4thLine": [
    [
      " at DefaultWait`1.Until[TResult](Func`2 condition)"
    ]
  ]

OR,

use ?m to match all lines after the first line in one block like this, 

\[%{TIMESTAMP_ISO8601:ServerTimestamp}\|%{WORD:Log4netHostname}\|%{DATA:ProjectName}\|%{DATA:TestName}\|%{DATA:UserName}\|%{DATA:ClientIP}\|%{DATA:ClientMachineName}\|%{LOGLEVEL:LogLevel}\|%{DATA:method}\|%{DATA:message}\|%{GREEDYDATA:Exception}(?m)%{GREEDYDATA:everythingelse}

Output, 

  .....
  ],
  "Exception": [
    [
      "Framework Error in :]"
    ]
  ],
  "everythingelse": [
    [
      "\nWebDriverTimeoutException: Timed out after 5 seconds\n at DefaultWait`1.ThrowTimeoutException(String exceptionMessage, Exception lastException)\n at DefaultWait`1.Until[TResult](Func`2 condition)"
    ]
  ]
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash grok match 2 patterns Use of ?> in Logstash Grok patterns Logstash grok patterns for message Logstash grok patterns special characters Chaining grok filter patterns for logstash Logstash date format grok pattern Grok filtering in logstash for multiple defined patterns logstash 2.4.0: grok fails silently on custom patterns Grok logstash message without patterns file How to use custom Logstash grok patterns?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM