logstash - 用换行符分割消息
[英]logstash - split a message by newlines
问题描述
日志存储
尝试通过换行符( "\n" )拆分消息,但到目前为止没有成功。 我只需要检索最后一行。
日志存储代码:
mutate{
split => ["traceback", "\n"]
add_field => {"traceback_last_line" => "%{[traceback][-1]}"}
}
输入:
[traceback] =
"File "<doctest...>", line 10, in <module>
lumberjack()
File "<doctest...>", line 4, in lumberjack
bright_side_of_death()
IndexError: tuple index out of range"
1 个解决方案
解决方案1
0 2020-07-22 11:44:00
我用gsub替换'\n'然后,通常的 mutate.split 序列
mutate {
copy => { "traceback" => "traceback_tmp" }
}
mutate {
gsub => ["traceback_tmp", "\n", "::"]
}
mutate {
split => {"traceback_tmp" => "::"}
add_field => ["traceback_summary", "%{[traceback_tmp][-1]}"]
remove_field => ["traceback_tmp"]
}
logstash拆分路径,并通过其位置[2]取某个值并将其插入字段
[英]logstash Split path and take certain value by its position [2] and insert it into field
具有逗号分隔值和换行符的字符串:拆分值并为每个换行符创建数组
[英]String with comma-separated values and newlines: split values and create arrays for each newline
如何让 Ruby 的字符串拆分方法在 Output 中包含换行符?
[英]How do I get Ruby's String Split Method to Include Newlines in the Output?
使用ElasticSearch输出时,Logstash错误消息=>“无法刷新外发项目”
[英]Logstash error message when using ElasticSearch output=>“Failed to flush outgoing items”
配置文件,logstash ruby filter event.get(“message”).match() 错误
[英]Config file, logstash ruby filter event.get(“message”).match() Error
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.