0
在我的應用我有登錄fromat如下 -Logstash神交過濾
logFormat: '%-5level [%date{yyyy-MM-dd HH:mm:ss,SSS}] [%X{appReqId}] [%X{AppUserId}] %logger{15}: %m%n'
和格式的輸出類似
INFO [2017-02-03 11:09:21.792372] [b9c0d838-10b3-4495-9915-e64705f02176] [ffe00000000000003ebabeca] r.c.c.f.r.MimeTypeResolver: [Tika MimeType Detection]: filename: 'N/A', detected mime-type: 'application/msword', time taken: 2 ms
現在我想日誌的各個領域在kibana查詢,爲此,我希望logstash解析輸入日誌消息,似乎grok過濾器是有幫助我們的。如果grok過濾器能夠正確地過濾我的消息輸出應該像
"message" => "INFO [2017-02-03 11:09:21.792372] [b9c0d838-10b3-4495-9915-e64705f02176] [ffe00000000000003ebabeca] r.c.c.f.r.MimeTypeResolver: [Tika MimeType Detection]: filename: 'N/A', detected mime-type: 'application/msword', time taken: 2 ms",
"appReqId" => "b9c0d838-10b3-4495-9915-e64705f02176",
"timestamp" => "2017-02-03 11:09:21.792372",
"AppUserId" => "ffe00000000000003ebabeca",
"logger" => "r.c.c.f.r.MimeTypeResolver",
我無法弄清楚如何在logstash.conf文件中進行配置,以便獲得所需的輸出。 我試着像下面
filter {
grok {
match => { "message" => "%{LOGLEVEL:severity}* %{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{TIME:time} %{JAVACLASS:class}\.%{JAVAFILE:file}" }
}
}
,並在grok patter varifier驗證,它不work.Any樣的幫助,將不勝感激。
thanks @ sysadmin1138,它對我來說非常合適 – RIPAN