基本上我需要过滤掉日期 - 严重性 - JAVACLASSNAME - 错误消息。
这对我有用......但它只完成了一半。 (?[0-9]{4}-[0-9]{2}-[0-9]{2}[0-9]{2}:[0-9]{2}:[0-9 ]{2},[0-9]{3}) %{WORD:严重性}(?:%{GREEDYDATA:msg})
它没有显示 Javaclass..!
这是我得到的输出
{
"Timestamp": [
[
"2015-03-03 03:12:16,978"
]
],
"Severity": [
[
"INFO"
]
],
"Error_Message": [
[
" [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321"
]
]
}
剧情
2015-03-03 03:12:16,978 INFO [http-bio-16006-exec-71] [XYZ.ABC.JLM.app.task.ERT] [app:/saas reqid:23121221 jsid:* aid:* uid: org: vorg: un:] - Received to update queued for monitorId=54213213JBNJBSJBSJBS, worklow=8u298u2189u312, session=21684216814321
最佳答案
这应该有效:
filter {
grok {
match => [
"message",
"%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} \[(?<threadname>[^\]]+)\] \[(?<classname>[^\]]+)\] %{GREEDYDATA:message}"
]
overwrite => ["message"]
}
}
关于regex - 具有此日志行的 Grok 模式,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28826995/