• logstash grok

    input {
        file {
                path => "/opt/service/test-service/logs/catalina-error*.log"
                type => "study-center-service"
                start_position=> "beginning"
                stat_interval => 1
            }
}


filter {

		multiline {
            pattern => "^d{4}-d{1,2}-d{1,2}sd{1,2}:d{1,2}:d{1,2}.d{3}"
            negate => true
            what => "previous"
        }
        grok { 
            match => { "message" => '%{DATA:time} %{LOGLEVEL:level} %{NOTSPACE:javaclass} %{INT:line} | %{NOTSPACE:serviceName} | %{NOTSPACE:serviceNode} | %{NOTSPACE:uri} | %{NOTSPACE:header} | %{NOTSPACE:request} | %{NOTSPACE:messages}'}
            match => {"time" => '%{NOTSPACE:time}'}
            match => {"level" => '%{NOTSPACE:level}'}
            match => {"javaclass" => '%{NOTSPACE:javaclass}'}
            match => {"line" => '%{NOTSPACE:line}'}
            match => {"serviceName" => '%{NOTSPACE:serviceName}'}
            match => {"serviceNode" => '%{NOTSPACE:serviceNode}'}
            match => {"uri" => '%{NOTSPACE:uri}'}
            match => {"header" => '%{NOTSPACE:header}'}
            match => {"request" => '%{NOTSPACE:request}'}
            match => {"messages" => '%{NOTSPACE:messages}'}
            break_on_match => true
	}
}

output {
        if !("_grokparsefailure" in [tags]) {
                elasticsearch {
                        hosts => ["192.168.2.187:9200"]
                        index => "%{[type]}-%{+YYYY.MM.dd}"
                }
        }
}

      
  • 相关阅读:
    jquery $.fn $.fx 的意思以及使用
    jQuery树形控件zTree使用
    myeclipse9.0安装svn插件
    读取properties和xml中配置文件的值
    Jquery之ShowLoading遮罩组件
    程序员需谨记的8条团队开发原则(转)
    决策树算法
    第N个丑数
    数组反转
    倒数第K个结点
  • 原文地址:https://www.cnblogs.com/ipyanthony/p/11178330.html
Copyright © 2020-2023  润新知