log4j的Logstash模式
我正在设置Elasticsearch、Logstash和Kibana。我在配置“logstash.conf”时遇到了一个错误。这是我的错误log4j的Logstash模式,log4j,logstash,logstash-grok,Log4j,Logstash,Logstash Grok,我正在设置Elasticsearch、Logstash和Kibana。我在配置“logstash.conf”时遇到了一个错误。这是我的错误 {:timestamp=>"2015-05-25T21:56:59.907000-0400", :message=>"Error: Expected one of #, {, ,, ] at line 12, column 49 (byte 265) after filter {\n grok {\n match => [\"me
{:timestamp=>"2015-05-25T21:56:59.907000-0400", :message=>"Error: Expected one of #, {, ,, ] at line 12, column 49 (byte 265) after filter {\n grok {\n match => [\"message\", \"<log4j:event logger=\""}
{:timestamp=>"2015-05-25T21:56:59.915000-0400", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>“2015-05-25T21:56:59.907000-0400”,:message=>“错误:在过滤器{\n grok{\n match=>[\“message\”,\“2015-05-25T21:56:59.915000-0400”之后的第12行第49列(字节265)处,应为{,,]之一,message=>“您可能对'--configtest'标志感兴趣,在选择重新启动正在运行的系统之前,\n可以使用该标志验证logstash的配置。”}
grok {
match => ["message", "<log4j:event logger="%{DATA:emitter}" timestamp="%{BASE10NUM:timestamp}" level="%{LOGLEVEL:level}" thread="%{DATA:thread}">, <log4j:message><%{GREEDYDATA:message}></log4j:message>" ]
}
grok{
匹配=>[“消息”,“,”]
}
我是麋鹿新手。因为你的格罗克模式包含双引号,你必须
grok {
match => ["message", "<log4j:event logger=\"%{DATA:emitter}\" ..." ]
}
grok{
匹配=>[“消息”
grok {
match => ["message", '<log4j:event logger="%{DATA:emitter}" ...' ]
}