堆栈内存溢出
  繁体   English   中英

Logstash Grok过滤器读取错误的值

[英]Logstash Grok filter reading wrong value

 原文  2016-11-21 10:53:21       exception/ logstash/ elastic-stack/ logstash-grok/ grok

问题描述

我目前正在尝试使用完整的麋鹿堆栈(节拍-Logstash-ElasticSearch-Kibana)为我们的应用程序设置一些数据收集。 到目前为止,一切工作都应该正常进行,但是我需要捕获有关应用程序引发的异常的统计信息(例如java.lang.IllegalArgumentException)

我对堆栈跟踪本身并不真正感兴趣,所以我继续为异常添加了一个单独的grok过滤器。

消息示例: 

2016-11-15 05:19:28,801 ERROR [App-Initialisation-Thread] appengine.java:520 Failed to initialize external authenticator myapp Support Access || appuser@vm23-13:/mnt/data/install/assembly app-1.4.12@cad85b224cce11eb5defa126030f21fa867b0dad
java.lang.IllegalArgumentException: Could not check if provided root is a directory
    at com.myapp.io.AbstractRootPrefixedFileSystem.checkAndGetRoot(AbstractRootPrefixedFileSystem.java:67)
    at com.myapp.io.AbstractRootPrefixedFileSystem.<init>(AbstractRootPrefixedFileSystem.java:30)
    at com.myapp.io.s3.S3FileSystem.<init>(S3FileSystem.java:32)
    at com.myapp.io.s3.S3FileSystemDriver.loadFileSystem(S3FileSystemDriver.java:60)
    at com.myapp.io.FileSystems.getFileSystem(FileSystems.java:55)
    at com.myapp.authentication.ldap.S3LdapConfigProvider.initializeCloudFS(S3LdapConfigProvider.java:77)
    at com.myapp.authentication.ldap.S3LdapConfigProvider.loadS3Config(S3LdapConfigProvider.java:51)
    at com.myapp.authentication.ldap.S3LdapConfigProvider.getLdapConfig(S3LdapConfigProvider.java:42)
    at com.myapp.authentication.ldap.DelegatingLdapConfigProvider.getLdapConfig(DelegatingLdapConfigProvider.java:45)
    at com.myapp.authentication.ldap.LdapExternalAuthenticatorFactory.create(LdapExternalAuthenticatorFactory.java:28)
    at com.myapp.authentication.ldap.LdapExternalAuthenticatorFactory.create(LdapExternalAuthenticatorFactory.java:10)
    at com.myapp.frob.appengine.getExternalAuthenticators(appengine.java:516)
    at com.myapp.frob.appengine.startUp(appengine.java:871)
    at com.myapp.frob.appengine.startUp(appengine.java:754)
    at com.myapp.jsp.KewServeInitContextListener$1.run(QServerInitContextListener.java:104)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.nio.file.NoSuchFileException: fh-ldap-config/
    at com.upplication.s3fs.util.S3Utils.getS3ObjectSummary(S3Utils.java:55)
    at com.upplication.s3fs.util.S3Utils.getS3FileAttributes(S3Utils.java:64)
    at com.upplication.s3fs.S3FileSystemProvider.readAttributes(S3FileSystemProvider.java:463)
    at com.myapp.io.AbstractRootPrefixedFileSystem.checkAndGetRoot(AbstractRootPrefixedFileSystem.java:61)

grok语句示例: 

grok {
patterns_dir => ["./patterns"]
match => ["message", "%{GREEDYDATA}\n%{JAVAFILE:exception}"]
}

在grok调试器上进行的测试显示了正确的结果: 

{
  "GREEDYDATA": [
    [
      "2016-11-15 05:19:28,801 ERROR [App-Initialisation-Thread] appengine.java:520 Failed to initialize external authenticator myapp Support Access || appuser@vm23-13:/mnt/data/install/assembly app-1.4.12@cad85b224cce11eb5defa126030f21fa867b0dad"
    ]
  ],
  "exception": [
    [
      "java.lang.IllegalArgumentException"
    ]
  ]
}

问题

当我将配置添加到logstash时,即使“ Caused”字符串在另一个换行符之后,它也会捕获Caused字符串而不是异常名称。 但是,它非常适合其他异常消息,例如: 

016-11-15 06:17:49,691 WARN  [SCReplicationWorkerThread-2] ClientJob.java:207 50345 Error communicating to server `199.181.131.249':`80'. Waiting `10' seconds before retrying... If you see this message rarely, the sc will have recovered gracefully. || appuser@vm55-12:/mnt/deployment/install/app app-3.1.23@cad85b224cce11eb5defa126030f21fa867b0dad
java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
    at java.net.SocketInputStream.read(SocketInputStream.java:170)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at java.net.SocketInputStream.read(SocketInputStream.java:223)
    at java.io.DataInputStream.readBoolean(DataInputStream.java:242)
    at com.myapp.replication.client.ClientJob.passCheckRevision(ClientJob.java:279)
    at com.myapp.replication.client.ClientJob.execute(ClientJob.java:167)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)

任何意见,将不胜感激。

谢谢

1 个解决方案

解决方案1
 0  2016-11-24 03:00:18

您是否在输入或filebeat输入中设置了mutiline,以显示以ISO8601开头的模式
我想也许你的小util子没能拿到整条线 

input {
         beats {
            port => 5044
            codec => multiline {
            pattern => "^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[\.,][0-9]{3,7} "
            negate => true
            what => "previous"
            }
           }
        }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 正常处理Logstash插件过滤器错误 我使用 Scanner 类读取文件时有什么问题? Dataframe 过滤器将 no value found 设置为 0 错误的异常使用 - 来自catch的返回值 PHP:如果变量值错误,应该怎么办? 读取简单值时出现java.util.InputMismatchException ASP NET Core 5 - 访问(或传递)一些值到异常过滤器 我想返回一个值并引发异常,这是否意味着我做错了什么? 在对象初始化时为错误的参数值Objective-C引发错误 Logstash配置缺少异常日志的最后一个异常
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM