Logstash 我怎么能把空行放在日志库里
在我的日志存储日志中,有时会出现空行或只有空格的行 为了删除空行,我创建了一个dropemptyline过滤器文件Logstash 我怎么能把空行放在日志库里,logstash,logstash-grok,Logstash,Logstash Grok,在我的日志存储日志中,有时会出现空行或只有空格的行 为了删除空行,我创建了一个dropemptyline过滤器文件 # drop empty lines filter { if [message] =~ /^\s*$/ { drop { } } } 但是空行过滤器并没有像预期的那样工作,主要是因为这个特殊的过滤器在一个链中,其他过滤器后面有过滤器 00_input.conf 05_syslogfilter.conf 06_dropemptylines.conf
# drop empty lines
filter {
if [message] =~ /^\s*$/ {
drop { }
}
}
00_input.conf
05_syslogfilter.conf
06_dropemptylines.conf
07_classifier.conf
2015-02-11 15:02:12.347 WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler :
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]
我的问题是如何退出所有筛选器并直接转到输出?您可以使用
grok%{GREEDYDATA:1st}(\n{1,})%{GREEDYDATA:2nd}
{
"1st": [
[
"2015-02-11 15:02:12.347 WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler : "
]
],
"2nd": [
[
"org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]"
]
]
}
(?m)%{GREEDYDATA:log}
{
"log": [
[
"2015-02-11 15:02:12.347 WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler : \n\n\n\norg.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]"
]
]
}
根据您的示例数据,它看起来像一条已组合的多行消息。如果是这样的话,额外的换行符在字符串中,因此锚定regexp(使用^和$)将不起作用。多行筛选器位于droplines之后。通过一个简单的配置传递输入,只使用drop{}可以正常工作。你有关于这个问题的更多细节吗?