elasticsearch" />
elasticsearch,Log4j,Log4j 如何阻止Elastic Search在日志中添加新行分隔的调用堆栈
我将弹性搜索配置为将日志写入文件。我发现当调试日志通过弹性搜索时,写日志,然后写所有的调用堆栈,用换行符分隔 我只希望日志显示在我的日志文件中,不希望看到调用堆栈 下面是一个日志示例:Log4j 如何阻止Elastic Search在日志中添加新行分隔的调用堆栈,log4j,
elasticsearch,Log4j,
[2013-10-01 09:02:10,695][DEBUG][action.bulk] [Cap 'N Hawk] [metrics-2013.10.01][2] failed to execute bulk item (index) index {[metrics-2013.10.01][metrics][XTvepSybQZaUed6h4Xupag], source[{"..."}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [deviceTelephonyID]
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:396)
at org.elasticsearch.index.mapper.object.ObjectMapper.serializeValue(ObjectMapper.java:599)
at org.elasticsearch.index.mapper.object.ObjectMapper.parse(ObjectMapper.java:467)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:507)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:451)
at org.elasticsearch.index.shard.service.InternalIndexShard.prepareCreate(InternalIndexShard.java:306)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:386)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:155)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction.performOnPrimary(TransportShardReplicationOperationAction.java:532)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction$1.run(TransportShardReplicationOperationAction.java:430)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: java.lang.NumberFormatException: For input string: "NOTELEPHONY"
at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1241)
at java.lang.Double.parseDouble(Double.java:540)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.doubleValue(AbstractXContentParser.java:95)
at org.elasticsearch.index.mapper.core.DoubleFieldMapper.innerParseCreateField(DoubleFieldMapper.java:308)
at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:167)
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:385)
... 12 more
file:
type: dailyRollingFile
file: ${path.logs}/es_log.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%p][%c] %m%n"
alwaysWriteExceptions: false
replace:
regex: "(\n.*)*"
replacement: ""
[2013-10-01 09:02:10,695][DEBUG][action.bulk] [Cap 'N Hawk] [metrics-2013.10.01][2] failed to execute bulk item (index) index {[metrics-2013.10.01][metrics][XTvepSybQZaUed6h4Xupag], source[{"..."}]}
似乎找到了替代解决方案,但我不确定是否可以使用弹性搜索配置…要禁用打印异常,您需要正确配置布局。此布局中的模式为%xEx{none}。把它放在布局的任何地方 我不知道为什么替换不起作用;我的猜测是,要么需要将其设置为多行regexp,要么regexp只应用于消息本身,而不是异常 也就是说,我不认为在日志中抑制异常是一个好方法
我会通过抑制这个特定记录器的输出来配置系统,使其不记录这些异常,或者更改代码以更优雅地处理非数字输入。如果禁用所有异常,也不会看到重要/实际错误。Elastic Search负责记录消息,因此我无法配置该代码。弹性搜索在log4j设置上提供了一个YAML接口,以使最终用户能够自定义他们的日志。我刚刚尝试将转换模式更改为:[%d{ISO8601}][%p][%c]%xEx{none}%m%n。它什么也没做。。。不过感谢您的建议:-我建议创建一个最小的测试用例,一个带有main的类,一个记录异常的记录器,以及一个禁用异常记录的配置。如果你不能做到这一点,打开一个新问题并发布你的代码。问题是如何通过基于YAML的接口在log4j上配置Elastic Search的日志输出。我没有写任何代码。我没有在自己的Java应用程序中使用log4j。Elastic search可能没有使用log4j做任何事情,因此一个最小的测试项目将允许您找到解决方案,而不会浪费大量时间启动/停止ES、配置它等。