如何使用 logstash 将自定义格式的日志文件拆分为 json?
how can I split custom formated log file into json by using logstash?
我的问题与拆分 txt 日志文件有关 logstash 日志 file.I 意思是自定义字符串 txt TO json 格式化但是如何?
我的日志是这样的:
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_tr-TR_Title.ResourceKey_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_en-US_Title.ResourceKey_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_en-US_Title.Close_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_tr-TR_Title.Close_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:vbfavouriteshortcuts_en-US_newshortcut-item.vbText_0 resource key already added to cache
我的自定义模板:
时间戳|RequestId|日志类型|消息
但我想将其传输 json 格式以与 logstash 一起使用?我该怎么做?
您可以在 Logstash 中使用 Grok filter plugin 解析日志。
...
filter {
grok {
match => {"message" => "%{TIMESTAMP_ISO8601:TimeStamp}\|%{NUMBER:RequestId}\|%{LOGLEVEL:LogType}\|%{GREEDYDATA:Message}"}
}
}
...
我的问题与拆分 txt 日志文件有关 logstash 日志 file.I 意思是自定义字符串 txt TO json 格式化但是如何?
我的日志是这样的:
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_tr-TR_Title.ResourceKey_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_en-US_Title.ResourceKey_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_en-US_Title.Close_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:GeneralResource_tr-TR_Title.Close_1 resource key already added to cache
2017-10-18 18:04:25,194|231|ERROR|Ex:vbfavouriteshortcuts_en-US_newshortcut-item.vbText_0 resource key already added to cache
我的自定义模板:
时间戳|RequestId|日志类型|消息
但我想将其传输 json 格式以与 logstash 一起使用?我该怎么做?
您可以在 Logstash 中使用 Grok filter plugin 解析日志。
...
filter {
grok {
match => {"message" => "%{TIMESTAMP_ISO8601:TimeStamp}\|%{NUMBER:RequestId}\|%{LOGLEVEL:LogType}\|%{GREEDYDATA:Message}"}
}
}
...