此日志行的Grok模式
[英]Grok pattern with this log line
问题描述
基本上,我需要过滤出日期-严重性-JAVACLASSNAME-错误消息。
这对我有用。.但是仅完成了一半。 (?[0-9] {4}-[0-9] {2}-[0-9] {2} [0-9] {2}:[0-9] {2}:[0-9 ] {2},[0-9] {3})%{WORD:严重程度}(?:%{GREEDYDATA:msg})
它不显示Javaclass ..!
这是我得到的输出
{ "Timestamp": [ [ "2015-03-03 03:12:16,978" ] ], "Severity": [ [ "INFO" ] ], "Error_Message": [ [ " [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321" ] ] }
的logline
2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321
1 个解决方案
解决方案1
2 已采纳 2015-03-03 12:13:22
这应该工作:
filter {
grok {
match => [
"message",
"%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[(?<threadname>[^\]]+)\] \[(?<classname>[^\]]+)\] %{GREEDYDATA:message}"
]
overwrite => ["message"]
}
}
Logstash Grok 模式使用正则表达式在日志行中切割拆分字符串
[英]Logstash Grok pattern to cut split a string in the log line using regex
Logstash grok模式可过滤相当长的日志行,之间添加忽略
[英]Logstash grok pattern to filter a pretty long log line, add ignore between
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.