stackoom
  简体   繁体   中英

How to use custom Logstash grok patterns?

 原文  2018-06-28 08:22:02       logstash/ elastic-stack/ logstash-grok

Question

I'm using Logstash on Debian 9 and I want to use custom grok patterns. So I've added them to directory /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns - created new files and also modified existing (grok-patterns, auth, etc.).

Problem is that my changes in original files was overwritten and lost (at 02:35 am 12.6.2018).

Is there some automatic updating of logstash-patterns-core ? How can I change existing grok patterns?

1 answers

solution1
 0  2018-06-28 09:29:41

Unfortunately, the directory structure where you modified the file is for binaries. You don't need to modify any files at all to add custom patterns. Please have a look at Logstash Directory layout here .

Instead of modifying or adding files under a binary path, you can create a new directory under /etc/logstash , call it a pattern and add your custom patterns there.

You can then import custom patterns as follows, 

filter {
    grok {
        patterns_dir => "../patterns"
        match =>["message", "%{ANYPATTERN}" ]
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Use of ?> in Logstash Grok patterns Logstash, how to use grok patterns coming from event data logstash 2.4.0: grok fails silently on custom patterns Logstash grok match 2 patterns Logstash grok patterns for message Grok patterns format in logstash How to write custom grok for logstash Logstash grok patterns special characters Chaining grok filter patterns for logstash How to use logstash to grok the message which is a hash
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM