-1
我有一個如下所述的日誌文件。我想用logstash解析這個文件。解析Logstash中的多行日誌文件
2015-06-10 05:11:37,799 [good][status] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
我要分析上面的文件,如以下字段格式
@timestamp - 2015-06-10 05:11:37,799
Quality - good
Status- Pass
Details - ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
我要繼續這個步驟,直到文件的最後,我已經使用神交表達,因爲日誌信息的grokparse失敗包含很多行。我希望grok將逐行申請。
我想分析的信息轉換成單獨的事件,像這樣爲一個事件
2015-06-10 05:11:37,799 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]
並將此作爲另一個事件
2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
我怎樣才能在Logstash過濾器實現這一目標。