2
最近建成ELK堆棧使用的版本5.0.0-1Logstash:值太大,輸出
當groking JBoss的日誌,1個多過濾器,我看到了以下錯誤:
[2016-11-14T19:48:48,802][ERROR][logstash.filters.grok ] Error while attempting to check/cancel excessively long grok patterns {:message=>"Mutex relocking by same thread", :class=>"ThreadError", :backtrace=>["org/jruby/ext/thread/Mutex.java:90:in `lock'", "org/jruby/ext/thread/Mutex.java:147:in `synchronize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.2.3/lib/logstash/filters/grok/timeout_enforcer.rb:38:in `stop_thread_groking'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.2.3/lib/logstash/filters/grok/timeout_enforcer.rb:53:in `cancel_timed_out!'", "org/jruby/RubyHash.java:1342:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.2.3/lib/logstash/filters/grok/timeout_enforcer.rb:45:in `cancel_timed_out!'", "org/jruby/ext/thread/Mutex.java:149:in `synchronize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.2.3/lib/logstash/filters/grok/timeout_enforcer.rb:44:in `cancel_timed_out!'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.2.3/lib/logstash/filters/grok/timeout_enforcer.rb:63:in `start!'"]}
[2016-11-14T19:48:48,802][WARN ][logstash.filters.grok ] Timeout executing grok '%{DATA:prefixofMessage}<tXML>%{DATA:orderXML}</tXML>' against field 'message' with value 'Value too large to output (27191 bytes)! First 255 chars are: 2016-10-30 23:28:02,193 INFO [nucleusNamespace.com.NAMESPACEREDACTED.NAMESPACEREDACTED.NAMESPACEREDACTED] (ajp-IPADDRESSREDACTED-PORTREDACTED-325) DEBUG NAMEREDACTED | order xml ----------- <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
這個過濾器在2.4下工作得很好,但現在在5.0.0-1上運行相同的過濾器,我看到了這一點。
有沒有人在這個版本的ELK堆棧中看到過這個?
logstash grok repo中存在類似的開放問題:https://github.com/logstash-plugins/logstash-filter-grok/issues/ 99 – Val