Fatal编程技术网
  • cmd/
  • Cmd 使用Logstash获取异常发生时的特定行集

Cmd 使用Logstash获取异常发生时的特定行集

cmd logstash

Cmd 使用Logstash获取异常发生时的特定行集,cmd,logstash,Cmd,Logstash,当发生异常时,我只需要从日志中获取一组选定的行 需要解析的日志: [2/24/16 11:31:35:276 SAST]00000053 BusinessExcep E CNTR0020E:EJB在调用bean“BeanId(cva管理ear#vis-EJB-cva-4.20.0.0-SNAPSHOT.jar#CustomerDashboardServiceBean,null)”上的方法“getCustomerDashBoardCVAHistoricalDataRequestCount”时引发了

当发生异常时,我只需要从日志中获取一组选定的行

需要解析的日志:

[2/24/16 11:31:35:276 SAST]00000053 BusinessExcep E CNTR0020E:EJB在调用bean“BeanId(cva管理ear#vis-EJB-cva-4.20.0.0-SNAPSHOT.jar#CustomerDashboardServiceBean,null)”上的方法“getCustomerDashBoardCVAHistoricalDataRequestCount”时引发了意外(未声明)异常。异常数据:java.lang.RuntimeException:com.ibm.websphere.naming.CannotInstateObjectException:JNDI NamingManager处理javax.naming.Reference对象时发生异常。[根异常是com.ibm.websphere.ejbcontainer.AmbiguousEJBReferenceException:缩写默认绑定'za.co.sb.archiving.midtier.ejb.HistoricalDataRequestBusinessServiceRemote'不明确,因为多个bean实现了该接口:[channel Frontender#channel-biz-ejb-3-4.20.0.0-SNAPSHOT.jar#HistoricalDataRequestBusinessServiceBean,nbol-rest-0(0 0)U 1-20150729(u 102930-10)war#提供特定于接口的绑定或在查找时使用长格式的默认绑定。] 在za.co.sb.channel.cva.customerdashboard.midtier.pojo.CustomerDashboardVisServicePojo.getRequestBusinessService(CustomerDashboardVisServicePojo.java:355) 在za.co.sb.channel.cva.customerdashboard.midtier.pojo.CustomerDashboardVisServicePojo.getHistoricalDataRequestCount(CustomerDashboardVisServicePojo.java:282) 在za.co.sb.channel.cva.customerdashboard.midtier.pojo.CustomerDashboardVisServicePojo.getCustomerDashBoardHistoricalDataRequestCount(CustomerDashboardVisServicePojo.java:249) 在za.co.sb.channel.cva.customerdashboard.midtier.ejb.CustomerDashboardServiceBean.getCustomerDashBoardCVAHistoricalDataRequestCount(CustomerDashboardServiceBean.java:49) 在za.co.sb.channel.cva.customerdashboard.midtier.ejb.EJSLocal0SLCustomerDashboardServiceBean_7d8a7f63.getCustomerDashBoardCVAHistoricalDataRequestCount(EJSLocal0SLCustomerDashboardServiceBean_7d8a7f63.java) 在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处 位于sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)中 位于java.lang.reflect.Method.invoke(Method.java:597) 在za.co.sb.midtier.processservice.ProcessServiceImpl.callService(ProcessServiceImpl.java:770) 在za.co.sb.midtier.processservice.ProcessServiceImpl.RetrieverResultData(ProcessServiceImpl.java:1151) 在za.co.sb.midtier.processservice.ProcessServiceImpl.process(ProcessServiceImpl.java:248) 位于za.co.sb.midtier.processservice.ProcessServiceBean.process(ProcessServiceBean.java:63) 在za.co.sb.midtier.processservice.EJSRemote0SLCustomerAdminProcessService_450d08b4.process(EJSRemote0SLCustomerAdminProcessService_450d08b4.java) 位于sun.reflect.GeneratedMethodAccessor1150.invoke(未知源) 在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)中 位于java.lang.reflect.Method.invoke(Method.java:597) com.ibm.CORBA.iiop.ClientDelegate$3.run(ClientDelegate.java:1266) 位于java.security.AccessController.doPrivileged(本机方法) 位于com.ibm.CORBA.iiop.ClientDelegate.invoke0(ClientDelegate.java:1263) 位于com.ibm.CORBA.iiop.ClientDelegate$ClientDelegate0.invoke(ClientDelegate.java:1500) 位于com.sun.proxy.$Proxy116.process(未知源) 在za.co.sb.midtier.processservice.\u processservice\u Stub.process(\u processservice\u Stub.java) 在za.co.sb.core.midtier.router.delegates.ModuleDelegate.processData(ModuleDelegate.java:48) 在za.co.sb.core.midtier.router.CoreRouter.doGet(CoreRouter.java:231) 位于za.co.sb.core.midtier.router.CoreRouter.doPost(CoreRouter.java:459) 位于javax.servlet.http.HttpServlet.service(HttpServlet.java:595) 位于javax.servlet.http.HttpServlet.service(HttpServlet.java:668) 位于com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230) 位于com.ibm.ws.webcontainer.servlet.ServletWrapper.HandlerRequest(ServletWrapper.java:779) 位于com.ibm.ws.webcontainer.servlet.ServletWrapper.HandlerRequest(ServletWrapper.java:478) 位于com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.HandlerRequest(ServletWrapperImpl.java:178) 位于com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136) com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97) 在za.co.sb.core.midtier.router.CoreRouterFilter.doFilter(CoreRouterFilter.java:136) 位于com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195) com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91) 位于za.co.sb.core.midtier.router.HTTPTokenFilter.doFilter(HTTPTokenFilter.java:78) 位于com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195) com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91) 位于za.co.sb.core.midtier.router.VerificationFilter.doFilter(VerificationFilter.java:152) 位于com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195) com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91) 在com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:960) 在com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters上(WebAppFilterManager.java:1064) 位于com.ibm.ws.webcontainer.servlet.CacheServletWrapper.HandlerRequest(CacheServletWrapper.java:87) 位于com.ibm.ws.webcontainer.webcontainer.handleRequest(webcontainer.java:909) 位于com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662) 位于com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java 
filter{
        multiline {
                    pattern => "\[%{DATE}"
                    negate => true
                    what => "previous"
                  }
        grok {

              patterns_dir => "./patterns"
              match => [ "message","%{DATESTAMP} %{WORD:zone}] %{WORD:ID} %{WORD:CLASS}\s* W %{GREEDYDATA:ErrorText} "]
              add_tag => "Warning Detected"
              remove_tag => "_grokparsefailure"
        }
        grok {
              match => [ "message","%{DATESTAMP} %{WORD:zone}] %{WORD:ID} %{WORD:CLASS}\s* E %{GREEDYDATA:ErrorText}"]
              remove_tag => "_grokparsefailure"
              add_tag => "Error Detected"
        }
        grok {
              match => [ "message","%{DATESTAMP} %{WORD:zone}] %{WORD:ID} %{WORD:CLASS}\s* I %{GREEDYDATA:ErrorText}"]
              remove_tag => "_grokparsefailure"
              add_tag => "Information Detected"
        }
        grok {
              match => [ "message","%{DATESTAMP} %{WORD:zone}] %{WORD:ID} %{WORD:CLASS}\s* A %{GREEDYDATA:ErrorText}"]
              remove_tag => "_grokparsefailure"
              add_tag => "Application Detected"
        }
        grok{
            match => ["message", "%{JAVALOGMESSAGE:Error Class}"]
            remove_tag => "_grokparsefailure"s
        }

        if [CLASS] =~ /BusinessExcep/ {
            mutate{
            add_tag => "Sikitan chinna payan"
            }
        } 


}