1. 首页
  2. 问答
  3. 格罗克模式与此日志行

格罗克模式与此日志行

2015-03-03 66 views
1

基本上我需要过滤掉日期 - 严重 - JAVACLASSNAME - 错误消息。格罗克模式与此日志行

这是为我工作..但它只是一半完成。 (0 [0-9] {4} - [0-9] {2} - [0-9] {2} [0-9] {2}:[0-9] {2}:[0- 9] {2},[0-9] {3})%{WORD:Severity}(?:%{GREEDYDATA:msg})

它不显示Javaclass ..!

这里是输出我得到

{ 
 
    "Timestamp": [ 
 
    [ 
 
     "2015-03-03 03:12:16,978" 
 
    ] 
 
    ], 
 
    "Severity": [ 
 
    [ 
 
     "INFO" 
 
    ] 
 
    ], 
 
    "Error_Message": [ 
 
    [ 
 
     " [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321" 
 
    ] 
 
    ] 
 
}

的logline

2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321

来源

2015-03-03 kooshals

+0

和“XYZ.ABC.JLM.app 。任务.ERT“是你想要提取的Java类? – 2015-03-03 11:04:07

+0

是...所以这是日志的格式.. – kooshals 2015-03-03 11:14:16

回答

1

这应该工作:

filter { 
    grok { 
    match => [ 
     "message", 
     "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[(?<threadname>[^\]]+)\] \[(?<classname>[^\]]+)\] %{GREEDYDATA:message}" 
    ] 
    overwrite => ["message"] 
    } 
}

来源

2015-03-03 12:13:22

+0

谢谢你...我认为这是工作..需要检查它对所有的日志 – kooshals 2015-03-09 16:44:16

相关问题

 相关问题