1. 首頁
  2. 問答
  3. 使用ExtractText在nifi中獲取日誌數據

使用ExtractText在nifi中獲取日誌數據

2017-08-25 131 views
1

我已經檢索到tailFail中的自定義日誌數據,然後拆分數據(逐行)。現在我想從nifi-api.log中獲取有用的數據。使用ExtractText在nifi中獲取日誌數據

我用這個表達式所示:

^(.*)$

但處理器使flowfiele無法比擬的。 1.我應該如何替換我的表情?

來源

2017-08-25 Sally Tkhilaishvili

回答

2

這取決於您在日誌消息中查找哪些信息。您發佈的表達式只是匹配整個內容。

比方說,你有以下的日誌輸出,並希望收集flowfile庫檢查點的時間做分析:

2017-08-25 10:36:31,942 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile Repository with 0 records in 229 milliseconds 
2017-08-25 10:36:35,571 INFO [Write-Ahead Local State Provider Maintenance] org.wali.MinimalLockingWriteAheadLog [email protected] checkpointed with 0 Records and 0 Swap Files in 14 milliseconds (Stop-the-world time = 4 milliseconds, Clear Edit Logs time = 7 millis), max Transaction ID -1 
2017-08-25 10:38:31,942 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile Repository 
2017-08-25 10:38:32,162 INFO [pool-10-thread-1] org.wali.MinimalLockingWriteAheadLog [email protected] checkpointed with 0 Records and 0 Swap Files in 218 milliseconds (Stop-the-world time = 92 milliseconds, Clear Edit Logs time = 98 millis), max Transaction ID -1 
2017-08-25 10:38:32,162 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile Repository with 0 records in 218 milliseconds 
2017-08-25 10:38:35,584 INFO [Write-Ahead Local State Provider Maintenance] org.wali.MinimalLockingWriteAheadLog [email protected] checkpointed with 0 Records and 0 Swap Files in 13 milliseconds (Stop-the-world time = 6 milliseconds, Clear Edit Logs time = 4 millis), max Transaction ID -1 
2017-08-25 10:40:32,161 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile Repository 
2017-08-25 10:40:32,341 INFO [pool-10-thread-1] org.wali.MinimalLockingWriteAheadLog [email protected] checkpointed with 0 Records and 0 Swap Files in 177 milliseconds (Stop-the-world time = 71 milliseconds, Clear Edit Logs time = 87 millis), max Transaction ID -1 
2017-08-25 10:40:32,341 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Successfully checkpointed FlowFile Repository with 0 records in 178 milliseconds 
2017-08-25 10:40:35,592 INFO [Write-Ahead Local State Provider Maintenance] org.wali.MinimalLockingWriteAheadLog [email protected] checkpointed with 0 Records and 0 Swap Files in 11 milliseconds (Stop-the-world time = 5 milliseconds, Clear Edit Logs time = 4 millis), max Transaction ID -1

使用的表達像^[\d\-\s\:,]+\s(INFO|WARN|ERROR).*(\d+) milliseconds將允許你過濾這些信息,並與你的捕捉組,瞭解消息的嚴重程度和時間。

來源

2017-08-25 17:44:53 Andy

1

您可以在extractText處理器中使用以下正則表達式來提取值。

regex:(.*)

然後使用RouteOnAttribute檢查日誌通過下面的表達式是ERROR/WARN/INFO

INFO:${regex:toLower():contains('info')} 

ERROR:${regex:toLower():contains('error')} 

WARN:${regex:toLower():contains('warn')}

現在根據屬性路由你的流程文件,然後做你想做的任何事情。

希望對您有所幫助

來源

2017-08-29 04:43:52

相關問題

 相關問題