
elasticsearch: Logstash GROK filter for Tomcat logs


I am new to ELK, and I need a pattern that can find the "transactionId" value in Tomcat logs and create a separate field for it.

The sample logs look like this:

2018-03-14 10:58:36,853 INFO so:165 - Female Value : 0.084370888769626617 for transactionId ABCsdf62969
2018-03-14 10:58:36,853 INFO so:165 - White Value : 0.90355902910232544 for transactionId ABtgF62969
2018-03-14 10:58:36,853 INFO so:165 - Black Value : 0.001742142834700644 for transactionId ZBCBfg2969
2018-03-14 10:58:36,853 INFO so:165 - Asian Value : 0.0055485325865447521 for transactionId TBCBF62969
2018-03-14 10:58:36,853 INFO so:165 - Hispanic Value : 0.079676181077957153 for transactionId L45BF62969
2018-03-14 10:58:36,853 INFO so:165 - Other Value : 0.0094741648063063622 for transactionId A56BF62969

This is not a question/answer site where you just ask questions without even trying. At least try first, then find out the errors.

I think you are new to this platform. This time I will give you the pattern, but please try to understand it first and then research future patterns yourself.

For your case, this will work:

  grok {
    match => ["message", "%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:log_level} %{GREEDYDATA:some_data} transactionId %{WORD:transaction_id}"]
  }

Work hard. Thanks!!
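To see what the pattern in the answer actually does to a log line, here is an added example (not code from the original post or from Logstash itself) that expands the four grok tokens into a Python regex and runs it over the sample lines from the question. The token definitions are simplified approximations of the stock grok patterns, not the real grok library; the extra line without a transactionId is constructed to show what happens when a line does not match (grok would tag it with `_grokparsefailure`).

```python
import re

# Simplified stand-ins for the stock grok patterns used in the answer (assumption:
# these approximate, but are not identical to, the definitions shipped with Logstash).
GROK_PATTERNS = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2})?(?:[.,]\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN|WARNING|ERROR|FATAL|SEVERE)",
    "GREEDYDATA": r".*",
    "WORD": r"\b\w+\b",
}

# %{NAME:field} or %{NAME}
GROK_TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern):
    """Expand a grok pattern into a Python regex with named capture groups.

    Literal text between tokens is escaped, so "transactionId" and the
    surrounding spaces must appear verbatim in the log line.
    """
    parts = []
    pos = 0
    for m in GROK_TOKEN.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        parts.append(f"(?P<{field}>{body})" if field else f"(?:{body})")
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return "".join(parts)


# The pattern from the answer, unchanged.
PATTERN = ("%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:log_level} "
           "%{GREEDYDATA:some_data} transactionId %{WORD:transaction_id}")
COMPILED = re.compile(grok_to_regex(PATTERN))


def parse_line(line):
    """Return the extracted fields as a dict, or None if the line does not match."""
    # grok matches unanchored, so use search rather than match.
    m = COMPILED.search(line)
    return m.groupdict() if m else None


def parse_lines(lines):
    """Parse many lines; unmatched lines are reported separately."""
    matched, failed = [], []
    for line in lines:
        fields = parse_line(line)
        (matched if fields else failed).append(fields or line)
    return matched, failed


# Sample lines from the question, plus one constructed line without a transactionId.
SAMPLE_LINES = [
    "2018-03-14 10:58:36,853 INFO so:165 - Female Value : 0.084370888769626617 for transactionId ABCsdf62969",
    "2018-03-14 10:58:36,853 INFO so:165 - White Value : 0.90355902910232544 for transactionId ABtgF62969",
    "2018-03-14 10:58:36,853 INFO so:165 - Black Value : 0.001742142834700644 for transactionId ZBCBfg2969",
    "2018-03-14 10:58:36,853 INFO so:165 - Asian Value : 0.0055485325865447521 for transactionId TBCBF62969",
    "2018-03-14 10:58:36,853 INFO so:165 - Hispanic Value : 0.079676181077957153 for transactionId L45BF62969",
    "2018-03-14 10:58:36,853 INFO so:165 - Other Value : 0.0094741648063063622 for transactionId A56BF62969",
    "2018-03-14 10:58:37,001 INFO so:170 - request finished",  # constructed: no transactionId
]

if __name__ == "__main__":
    ok, bad = parse_lines(SAMPLE_LINES)
    for fields in ok:
        print(fields["time"], fields["log_level"], fields["transaction_id"])
    for line in bad:
        print("no match (grok would add _grokparsefailure):", line)
```

Two things worth noticing when you run it: `GREEDYDATA` swallows everything up to the last literal ` transactionId `, so the `some_data` field ends with `for`; and `WORD` stops at the first non-word character, which is why the id comes out clean even though it is the last thing on the line.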

Thanks for the quick reply @Ashif, I tried the regex below, but no use: filter { grok { match => { "message" => { %{TIMESTAMP_ISO8601:time} %{LOGLEVEL:log_level} %{GREEDYDATA:some_data} transactionId %{WORD transaction_id} }