LogStash regex matching
Log format
2015-09-28 09:50:48 [http-bio-80-exec-13] DEBUG com.weitoo.server.aspect.LogAspect -{ip:183.16.4.40,url:http://api.xx.com/server/sc/commodity/getOnlineCommodity,param:{"shopId":1000001,"needCategory":false,"needCommodityTotal":false,"searchCommodityId":1002001},return:{"status":1},cost:3.911ms}
Using https://grokdebug.herokuapp.com/ I want to match out:
time: 2015-09-28 09:50:48
level: DEBUG
class: com.weitoo.server.aspect.LogAspect
ip: 183.16.4.40
path: http://api.xx.com/server/sc/commodity/getOnlineCommodity
param: {"shopId":1000001,"needCategory":false,"needCommodityTotal":false,"searchCommodityId":1002001}
return: {"status":1}
cost: 3.911
I also tried studying the tomcat_log demo
https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/java
(it did not match the message)
as well as the site that generates grok expressions automatically
http://grokconstructor.appspot.com/
(it has a few small bugs)
and I read the official documentation too
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
(it only gives simple regex examples)
All of them ended in failure; I have been researching this for a long time, hoping an expert can give me some guidance~~
汉化版冰蒂斯
9 years, 3 months ago
Answers
Solved
# /opt/conf/logstash/server_log (any file inside patterns_dir is loaded)
# The thread name in [...] gets its own field; without it the lazy %{DATA}
# captures shift and "level" ends up holding the thread, "class" the level.
SERVER_LOG %{TIMESTAMP_ISO8601:time} \[%{DATA:thread}\] %{LOGLEVEL:level} %{JAVACLASS:class} -\{ip:%{IP:ip},url:%{DATA:url},param:%{DATA:param},return:%{DATA:return},cost:%{BASE10NUM:cost}ms\}
conf
input {
  file {
    type => "xx_server_log"
    path => "/opt/software/apache-tomcat-7.0.59/logs/catalina.out"
    # glue Java stack trace lines onto the log line that precedes them
    codec => multiline {
      pattern => "(^.+Exception:.+)|(^\s+at .+)|(^\s+... \d+ more)|(^\s*Caused by:.+)"
      what => "previous"
    }
  }
}
filter {
  if [type] == "xx_server_log" {
    grok {
      match => [ "message", "%{SERVER_LOG}" ]
      patterns_dir => ["/opt/conf/logstash"]
      remove_field => ["message"]
    }
  }
}
output {
  elasticsearch {
    host => "xx-management"
    protocol => "http"
    workers => 5
    template_overwrite => true
  }
  stdout { codec => rubydebug }
}
菲特泰斯特罗莎
answered 9 years, 3 months ago
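An added example, not code from the question or the answer above: a small Python script that expands grok-style `%{NAME:field}` patterns into a Python regex the way the grok filter does, runs the resulting pattern over a constructed copy of the log line from the question, and also reproduces the `what => "previous"` multiline gluing from the answer's config. The grok primitives (`DATA`, `BASE10NUM`, `LOGLEVEL`, `JAVACLASS`, `IP`, `TIMESTAMP_ISO8601`) are simplified re-implementations, an assumption that is good enough for this log format but stricter or looser than logstash-patterns-core in places. It goes beyond the page in one respect: `DATA_ONLY` is a deliberately lazy all-`DATA` pattern with no thread field, included to show how the captures shift when the `[thread]` token is not given its own field.

```python
import json
import re

# Constructed sample line, copied from the log format in the question.
SAMPLE_LINE = (
    '2015-09-28 09:50:48 [http-bio-80-exec-13] DEBUG '
    'com.weitoo.server.aspect.LogAspect -{ip:183.16.4.40,'
    'url:http://api.xx.com/server/sc/commodity/getOnlineCommodity,'
    'param:{"shopId":1000001,"needCategory":false,'
    '"needCommodityTotal":false,"searchCommodityId":1002001},'
    'return:{"status":1},cost:3.911ms}'
)

# Simplified grok primitives (assumption: the real ones in
# logstash-patterns-core are stricter, e.g. IP also accepts IPv6).
GROK_PRIMITIVES = {
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}",
    "LOGLEVEL": r"TRACE|DEBUG|INFO|WARN|ERROR|FATAL",
    "JAVACLASS": r"(?:[a-zA-Z$_][a-zA-Z$_0-9]*\.)*[a-zA-Z$_][a-zA-Z$_0-9]*",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "BASE10NUM": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?|\.[0-9]+)",
}

# Pattern with a dedicated field for the [thread] token.
SERVER_LOG = (
    r"%{TIMESTAMP_ISO8601:time} \[%{DATA:thread}\] %{LOGLEVEL:level} "
    r"%{JAVACLASS:class} -\{ip:%{IP:ip},url:%{DATA:url},param:%{DATA:param},"
    r"return:%{DATA:return},cost:%{BASE10NUM:cost}ms\}"
)

# Hypothetical all-DATA pattern with no thread field: it still matches, but
# "level" ends up holding "[http-bio-80-exec-13]" and "class" holds
# "DEBUG com.weitoo...", because every lazy .*? stops at the next space.
DATA_ONLY = (
    r"%{DATA:year}-%{DATA:month}-%{DATA:day} %{DATA:hour}:%{DATA:min}:%{DATA:sec} "
    r"%{DATA:level} %{DATA:class} -\{ip:%{DATA:ip},url:%{DATA:url},"
    r"param:%{DATA:param},return:%{DATA:return},cost:%{BASE10NUM:cost}"
)


def grok_compile(pattern, primitives=GROK_PRIMITIVES):
    """Expand %{NAME:field} into (?P<field>...) and %{NAME} into (?:...)."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in primitives:
            raise ValueError("unknown grok pattern %s" % name)
        body = primitives[name]
        return "(?P<%s>%s)" % (field, body) if field else "(?:%s)" % body
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


def grok_match(pattern, line):
    """Return the captured fields as a dict, or None if the line does not match."""
    m = grok_compile(pattern).match(line)
    return m.groupdict() if m else None


def parse_server_log(line):
    """Apply SERVER_LOG and convert the JSON and numeric fields."""
    fields = grok_match(SERVER_LOG, line)
    if fields is None:
        return None
    fields["param"] = json.loads(fields["param"])
    fields["return"] = json.loads(fields["return"])
    fields["cost"] = float(fields["cost"])
    return fields


# Same regex as the multiline codec in the answer's config.
MULTILINE = re.compile(r"(^.+Exception:.+)|(^\s+at .+)|(^\s+... \d+ more)|(^\s*Caused by:.+)")


def join_stack_traces(lines):
    """what => "previous": append every matching line to the preceding event."""
    events = []
    for line in lines:
        if events and MULTILINE.match(line):
            events[-1] += "\n" + line
        else:
            events.append(line)
    return events


# Constructed catalina.out excerpt: a DEBUG line, then an ERROR line followed
# by a stack trace that the codec should fold into the ERROR event.
SAMPLE_LINES = [
    SAMPLE_LINE,
    '2015-09-28 09:50:49 [http-bio-80-exec-14] ERROR '
    'com.weitoo.server.aspect.LogAspect -{ip:183.16.4.40,'
    'url:http://api.xx.com/server/sc/commodity/getOnlineCommodity,'
    'param:{},return:{"status":0},cost:1.2ms}',
    'java.lang.IllegalStateException: boom',
    '\tat com.weitoo.server.Foo.bar(Foo.java:42)',
    'Caused by: java.io.IOException: disk',
    '\t... 3 more',
]

if __name__ == "__main__":
    for event in join_stack_traces(SAMPLE_LINES):
        print(json.dumps(parse_server_log(event), indent=2))
    print(grok_match(DATA_ONLY, SAMPLE_LINE)["level"])
```

`grok_match` uses `re.match`, so like the grok filter it only requires the pattern to match from the start of the event; a multiline event still parses because all captured fields sit on its first line and `.*?` does not cross newlines without `DOTALL`.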