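Is it possible to raise the log level of the logs stored on the ELK stack?
Right now I find that logs of every level are stored in my ELK stack. I only want warning and error logs to be stored in the stack. How can I do that? How do I raise the log level of the logs stored in the ELK stack?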
-1
Answers
1
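I think you are looking for the Logstash drop filter, which lets you filter out logs based on some criteria, in your case debug, info, etc. From the documentation, a filter might look like: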
filter {
  if [loglevel] == "debug" {
    drop { }
  }
}
https://www.elastic.co/guide/en/logstash/current/plugins-filters-drop.html
Also, your question looks similar to this one:
0
If you have a log file test.log that looks like this:
DEBUG | 2008-09-06 10:51:44,817 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions
WARN | 2008-09-06 10:51:44,848 | AbstractBeanDefinitionReader.java | 185 | Loaded 5 bean definitions from location pattern [samContext.xml]
INFO | 2008-09-06 10:51:44,848 | XmlBeanDefinitionReader.java | 323 | Loading XML bean definitions from class path resource [tmfContext.xml]
DEBUG | 2008-09-06 10:51:44,848 | DefaultDocumentLoader.java | 72 | Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
ERROR | 2008-09-06 10:51:44,848 | BeansDtdResolver.java | 72 | Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd
ERROR | 2008-09-06 10:51:44,864 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions
DEBUG | 2008-09-06 10:51:45,458 | AbstractAutowireCapableBeanFactory.java | 411 | Finished creating instance of bean 'MS-SQL'
You can define an if condition for the messages you want to keep and drop the others:
input {
  file {
    path => "/your/path/test.log"
    sincedb_path => "/your/path/test.idx"
    start_position => "beginning"
  }
}
filter {
  if [message] =~ "WARN" or [message] =~ "ERROR" {
  } else {
    drop {}
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
Then you will see the following output:
{
"message" => "WARN | 2008-09-06 10:51:44,848 | AbstractBeanDefinitionReader.java | 185 | Loaded 5 bean definitions from location pattern [samContext.xml]",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.897Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,848 | BeansDtdResolver.java | 72 | Found beans DTD [http://www.springframework.org/dtd/spring-beans.dtd] in classpath: spring-beans.dtd",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.898Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
{
"message" => "ERROR | 2008-09-06 10:51:44,864 | DefaultBeanDefinitionDocumentReader.java | 86 | Loading bean definitions",
"@version" => "1",
"@timestamp" => "2015-09-17T18:30:24.899Z",
"host" => "MacBook-Pro-de-Alain.local",
"path" => "/Users/Alain/Workspace/elk/logstash-1.5.4/config/filter/test.log"
}
Regards, Alain
Thanks. That was useful.
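The two answers above can be combined by parsing the level out of the pipe-delimited test.log line and dropping on that field instead of matching a substring anywhere in the message. The filter below is an added example, not code from either answer: `loglevel` is the field name used in the first answer, while `logtime`, `source_file`, `source_line`, `log_message` and the `unparsed_level` tag are names assumed here.

```logstash
filter {
  # Split the pipe-delimited line from test.log into fields.
  # "loglevel" is the field name the first answer tests; the other
  # field names are assumptions made for this example.
  grok {
    match => {
      "message" => "^%{LOGLEVEL:loglevel}\s*\|\s*%{TIMESTAMP_ISO8601:logtime}\s*\|\s*%{DATA:source_file}\s*\|\s*%{NUMBER:source_line}\s*\|\s*%{GREEDYDATA:log_message}$"
    }
  }

  if "_grokparsefailure" in [tags] {
    # The line did not match the expected layout. Keep it and mark it,
    # so a change in log format does not silently discard events.
    mutate { add_tag => ["unparsed_level"] }
  } else if [loglevel] not in ["WARN", "ERROR"] {
    # Decide on the parsed level only. A DEBUG or INFO line whose text
    # merely mentions "ERROR" is dropped here, whereas a substring test
    # on [message] would have kept it.
    drop { }
  }
}
```

This block replaces the `filter { ... }` section of the second answer's pipeline; the `input` and `output` sections stay as they are.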