Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Post an Article
Welcome To Ask or Share your Answers For Others

Categories

logstash grok 字段是怎么新增的?

0 votes
838 views
in Technique[技术] by (71.8m points)

logstash grok 字段是怎么新增的?

filebeat 收集日志 发送给 logstash

input {
  beats {
    port => 5044
    ssl => false
  }
}


filter {
    grok {
     match => { "message", "%{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{DATA:thread} %{JAVACLASS:class}  %{JAVALOGMESSAGE:logmessage}" }

}

output {
    stdout { codec => rubydebug }
}

输出的记过,只有一些默认字段,grok 里面定义的{JAVALOGMESSAGE:logmessage} logmessage 怎么没有单独显示出来?

只是显示 "message" => "09:05:08.193 http-nio-8080-exec-5 o.h.engine.jdbc.spi.SqlExceptionHelper FUNCTION zh.nvl does not exist", 和一些默认字段

不是应该有 "logmessage" => "FUNCTION zh.nvl does not exist"

我用的都是7.8的版本。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神解答

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

Just Browsing Browsing

1.4m articles

1.4m replys

5 comments

56.7k users

Most popular tags

Snow Theme by Q2A Market
Powered by Question2Answer
...