Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/date/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
基于正则表达式的logstash conf放置行_Logstash_Logstash Grok - Fatal编程技术网
Fatal编程技术网
  • logstash/
  • 基于正则表达式的logstash conf放置行

基于正则表达式的logstash conf放置行

logstash

基于正则表达式的logstash conf放置行,logstash,logstash-grok,Logstash,Logstash Grok,我一直在尝试过滤那些我不感兴趣的类别的日志消息 我的日志行看起来像这样 2017-07-26 16:27:04,135 [[api-vehicle-registration-v1-114.0.0].apiHttpListenerConfig.worker.01] DEBUG esb.api-vehicle-registration-v1.get-registration.http.response - transactionID=6d5bec10-71cb-11e7-84ba-e2c437d94

我一直在尝试过滤那些我不感兴趣的类别的日志消息

我的日志行看起来像这样

2017-07-26 16:27:04,135 [[api-vehicle-registration-v1-114.0.0].apiHttpListenerConfig.worker.01] DEBUG esb.api-vehicle-registration-v1.get-registration.http.response - transactionID=6d5bec10-71cb-11e7-84ba-e2c437d94258 creationTime=2017-07-26T16:26:58.514+10:00 txnState=END timeTaken=5385 payloadType=JSON payload=[{"totalRecords":1}]
我想过滤那些类别与esb不匹配的日志行*

使用我的grok下面的logstash.conf可以工作,但是drop位不行。有人能帮我做那部分吗

谢谢

filter {
  grok {
    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp}\s+%{DATA:thread}\s+%{LOGLEVEL:loglevel}\s+%{JAVACLASS:category}\s+-\s+%{GREEDYDATA:msgbody}" ]
  }

  if [category] =~ /esb/ {
        drop { }
  }

  kv {
    # remove leading '[' and trailing ']'
    #include_brackets => true
    source => "msgbody"
  }

}
可能的副本,我也不能复制提供的例子;