Logstash grok 过滤器不适用于最后一个字段
Logstash grok filter doesn't work for the last field
使用 Logstash 2.3.3,grok 过滤器对最后一个字段不起作用。
要重现该问题,请按如下方式创建 test.conf:
input {
file {
path => "/Users/izeye/Applications/logstash-2.3.3/test.log"
}
}
filter {
grok {
match => { "message" => "%{DATA:id1},%{DATA:id2},%{DATA:id3},%{DATA:id4},%{DATA:id5}" }
}
}
output {
stdout {
codec => rubydebug
}
}
运行 ./bin/logstash -f test.conf
启动后,在另一个终端运行echo "1,2,3,4,5" >> test.log
我得到了以下输出:
Johnnyui-MacBook-Pro:logstash-2.3.3 izeye$ ./bin/logstash -f test.conf
Settings: Default pipeline workers: 8
Pipeline main started
{
"message" => "1,2,3,4,5",
"@version" => "1",
"@timestamp" => "2016-07-07T07:57:42.830Z",
"path" => "/Users/izeye/Applications/logstash-2.3.3/test.log",
"host" => "Johnnyui-MacBook-Pro.local",
"id1" => "1",
"id2" => "2",
"id3" => "3",
"id4" => "4"
}
您可以看到缺少的id5。
我不确定这是错误还是配置错误。
如有任何提示,我们将不胜感激。
使用 Logstash 2.3.3,grok 过滤器对最后一个字段不起作用。
要重现该问题,请按如下方式创建 test.conf:
input {
file {
path => "/Users/izeye/Applications/logstash-2.3.3/test.log"
}
}
filter {
grok {
match => { "message" => "%{DATA:id1},%{DATA:id2},%{DATA:id3},%{DATA:id4},%{DATA:id5}" }
}
}
output {
stdout {
codec => rubydebug
}
}
运行 ./bin/logstash -f test.conf
启动后,在另一个终端运行echo "1,2,3,4,5" >> test.log
我得到了以下输出:
Johnnyui-MacBook-Pro:logstash-2.3.3 izeye$ ./bin/logstash -f test.conf
Settings: Default pipeline workers: 8
Pipeline main started
{
"message" => "1,2,3,4,5",
"@version" => "1",
"@timestamp" => "2016-07-07T07:57:42.830Z",
"path" => "/Users/izeye/Applications/logstash-2.3.3/test.log",
"host" => "Johnnyui-MacBook-Pro.local",
"id1" => "1",
"id2" => "2",
"id3" => "3",
"id4" => "4"
}
您可以看到缺少的id5。
我不确定这是错误还是配置错误。
如有任何提示,我们将不胜感激。