grok 过滤器从两个特定单词中提取一些消息
grok filter to extract some message from two specific words
示例日志文件在
下面
2018-07-02 09:35:57 991 [INFO] from application in pool-2-thread-9 - Authenticate document processing time for transactionId : 1271400374895007_node1 documentType : Passport is 1629 msec
我编写了 grok 过滤器来提取一些字段,例如交易、文档类型、持续时间
%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) (?<logger>(?:[a-zA-Z0-9-]+\.)*[A-Za-z0-9$]+)\s+(-\s+)? %{GREEDYDATA} .*transactionId : %{WORD:transactionid} documentType : %{WORD:document type} is (?<duration>.*msec
有人可以建议如何提取两个特定单词“-”之间的数据(消息之间)"processing time"
您可以创建自定义模式来匹配 - 和 processing time、
之间的所有内容
(?<pool_thread>\w+[-]\d+[-]\w+[-]\d+\s*?)-(?<custom_word>.*?)(processing time)
这将输出,
{
"pool_thread": [
[
"pool-2-thread-9 "
]
],
"custom_word": [
[
" Authenticate document "
]
]
}
示例日志文件在
下面2018-07-02 09:35:57 991 [INFO] from application in pool-2-thread-9 - Authenticate document processing time for transactionId : 1271400374895007_node1 documentType : Passport is 1629 msec
我编写了 grok 过滤器来提取一些字段,例如交易、文档类型、持续时间
%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) (?<logger>(?:[a-zA-Z0-9-]+\.)*[A-Za-z0-9$]+)\s+(-\s+)? %{GREEDYDATA} .*transactionId : %{WORD:transactionid} documentType : %{WORD:document type} is (?<duration>.*msec
有人可以建议如何提取两个特定单词“-”之间的数据(消息之间)"processing time"
您可以创建自定义模式来匹配 - 和 processing time、
(?<pool_thread>\w+[-]\d+[-]\w+[-]\d+\s*?)-(?<custom_word>.*?)(processing time)
这将输出,
{
"pool_thread": [
[
"pool-2-thread-9 "
]
],
"custom_word": [
[
" Authenticate document "
]
]
}