1. 首頁
  2. 問答
  3. 格羅克模式與此日誌行

格羅克模式與此日誌行

2015-03-03 51 views
1

基本上我需要過濾掉日期 - 嚴重 - JAVACLASSNAME - 錯誤消息。格羅克模式與此日誌行

這是爲我工作..但它只是一半完成。 (0 [0-9] {4} - [0-9] {2} - [0-9] {2} [0-9] {2}:[0-9] {2}:[0- 9] {2},[0-9] {3})%{WORD:Severity}(?:%{GREEDYDATA:msg})

它不顯示Javaclass ..!

這裏是輸出我得到

{ 
 
    "Timestamp": [ 
 
    [ 
 
     "2015-03-03 03:12:16,978" 
 
    ] 
 
    ], 
 
    "Severity": [ 
 
    [ 
 
     "INFO" 
 
    ] 
 
    ], 
 
    "Error_Message": [ 
 
    [ 
 
     " [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321" 
 
    ] 
 
    ] 
 
}

的logline

2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321

來源

2015-03-03 kooshals

+0

和「XYZ.ABC.JLM.app 。任務.ERT「是你想要提取的Java類? – 2015-03-03 11:04:07

+0

是...所以這是日誌的格式.. – kooshals 2015-03-03 11:14:16

回答

1

這應該工作:

filter { 
    grok { 
    match => [ 
     "message", 
     "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[(?<threadname>[^\]]+)\] \[(?<classname>[^\]]+)\] %{GREEDYDATA:message}" 
    ] 
    overwrite => ["message"] 
    } 
}

來源

2015-03-03 12:13:22

+0

謝謝你...我認爲這是工作..需要檢查它對所有的日誌 – kooshals 2015-03-09 16:44:16

相關問題

 相關問題