0
我想解析kafka日誌。這是一個示例日誌文本。如何在grok中匹配kafka日誌模式
[2016-02-01 15:29:02,039] INFO [Replica state machine on controller 0]: Invoking state change to OnlineReplica for replicas [Topic=elk-test,Partition=0,Replica=0] (kafka.controller.ReplicaStateMachine)
[2016-02-01 15:33:02,457] TRACE [Controller 0]: checking need to trigger partition rebalance (kafka.controller.KafkaController)
[2016-02-01 15:33:02,458] DEBUG [Controller 0]: preferred replicas by broker Map(0 -> Map([elk-test,0] -> List(0))) (kafka.controller.KafkaController)
[2016-02-01 15:33:02,480] DEBUG [Controller 0]: topics not in preferred replica Map() (kafka.controller.KafkaController)
[2016-02-01 15:58:02,447] TRACE [Controller 0]: leader imbalance ratio for broker 0 is 0.000000 (kafka.controller.KafkaController)
我試着用Grok-debugger編寫很多新模式來匹配grok中的上述日誌。但是我一直都失敗了。
我希望任何期望能幫助我找到上述日誌的grok模式。謝謝。
圖案我嘗試:
\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{LOGLEVEL:loglevel}\] %{GREEDYDATA:message}
我想提取控制器0作爲單獨的場。