2014-09-04

Facing error in logstash

When I define a pattern in logstash to parse Apache Tomcat and application log files, we get the following error. The sample log file is:

2014-08-20 12:35:26,037 INFO [routerMessageListener-74] PoolableRuleEngineFactory Executing the rule -->ECE Tagging Rule 

The configuration file is:

filter {
    grok {
        type => "log4j"
        #pattern => "%{TIMESTAMP_ISO8601:logdate} %{LOGLEVEL:severity} \[\w+\[%{GREEDYDATA:thread},.*\]\] %{JAVACLASS:class} - %{GREEDYDATA:message}"
        pattern => "%{TIMESTAMP_ISO8601:logdate}"

        #add_tag => [ "level_%{level}" ]
    }

    date {
        match => [ "logdate", "YYYY-MM-dd HH:mm:ss,SSS"]
    }
}

Unknown setting 'timestamp' for date {:level=>:error}

Answer

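Your post does not show a 'timestamp' setting for the date filter. I suspect you started from an example that used the timestamp setting, which was a setting of the old date filter. You correctly fixed it to use the match setting that newer versions of logstash use, but may not have saved your changes. Using the above filter with logstash-1.5.3, I have no problem.

Here is my complete configuration file. Note that I am still testing it, but it appears to be importing a JBoss log with Log4J log messages imported from an existing log file.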

input {
    tcp {
        type => "log4j"
        port => 4560
    }
    stdin {
        type => "log4j"
    }
}

filter {
    grok {
        type => "log4j"
        #pattern => "%{TIMESTAMP_ISO8601:logdate} %{LOGLEVEL:severity} \[\w+\[%{GREEDYDATA:thread},.*\]\] %{JAVACLASS:class} - %{GREEDYDATA:message}"
        pattern => "%{TIMESTAMP_ISO8601:logdate}"

        #add_tag => [ "level_%{level}" ]
    }

    date {
        type => "log4j"
        match => [ "logdate", "YYYY-MM-dd HH:mm:ss,SSS"]
        exclude_tags => "_grokparsefailure"
    }

    # Catches normal space indented type things, probably could be removed b/c the other multiline should do everything we need
    multiline {
        type => "log4j"
        tags => ["_grokparsefailure"] # exclude anything we already handled
        pattern => ".*"
        what => "previous"
        add_tag => "notgrok"
    }
}


output {
    gelf {
        host => "localhost"
        custom_fields => ["environment", "PROD", "service", "BestServiceInTheWorld"]
    }
    # Print each event to stdout.
    stdout {
        codec => json
    }
}
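
The grok-then-date pipeline for the sample line in the question, as an added example (not code from either poster), written with the `match` hash and tag conditional that later Logstash releases use in place of the filter-level `pattern`, `type` and `exclude_tags` settings. The field names `severity`, `thread`, `class` and `log_message` are assumptions chosen for illustration, and `NOTSPACE` is used for the class because the sample line shows a bare class name.

```logstash
input {
  stdin { }
}

filter {
  grok {
    # Sample line from the question:
    # 2014-08-20 12:35:26,037 INFO [routerMessageListener-74] PoolableRuleEngineFactory Executing the rule -->ECE Tagging Rule
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:logdate}\s+%{LOGLEVEL:severity}\s+\[%{DATA:thread}\] %{NOTSPACE:class} %{GREEDYDATA:log_message}"
    }
  }

  # Lines that grok could not match (stack-trace continuations, for example)
  # carry the _grokparsefailure tag and have no logdate field to parse.
  if "_grokparsefailure" not in [tags] {
    date {
      # First element is the source field, the rest are accepted formats.
      # On success the event's @timestamp is set to the time in the log line
      # rather than the time Logstash read it.
      match => [ "logdate", "YYYY-MM-dd HH:mm:ss,SSS" ]
    }
  }
}

output {
  # Print each parsed event so the extracted fields can be inspected.
  stdout { codec => rubydebug }
}
```

Pasting the sample line on stdin should produce an event with `logdate`, `severity`, `thread`, `class` and `log_message` fields and an `@timestamp` taken from the log line; an event tagged `_grokparsefailure` means the pattern needs adjusting.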