Logstash: extracting log data using grok


I am trying to extract data from a log file using grok:

[Server 192.178.35.40] testweb.de 63.239.73.83 - - [19/Nov/2017:23:27:26 +0100] \"GET /service/want/teaser2/Buk/ HTTP/1.1\" 200 319 \"-\" \"https://testweb.de/Suche/Buk/Bonn\" \"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\" \"65.259.77.67\" 0
I am expecting something like this:

server : 192.178.35.40
website : testweb.de
clientip : 63.239.73.83
timestamp:19/Nov/2017:23:27:26 +0100
method:GET
RESOURCE:/service/want/teaser2/Buk/ HTTP/1.1
RESPONCE:200
TIMETAKEN:319
USERAGENT:Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile 
Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
COOKIE:0
I tried by giving the pattern

 %{ip:SERVER} 

and received a result, but failed to parse the remaining data.

How do you expect to extract everything into its own fields using only one pattern?

To get the desired output, you need to match each field separately. Could you try this:

%{IPV4:server}\] %{HOSTNAME:website} %{IPV4:client} - - \[%{HTTPDATE:timestamp}\] \\"%{WORD:method} (?<resource>%{NOTSPACE} HTTP/%{NUMBER})\\" %{NUMBER:response} %{NUMBER:TimeTaken} \\"-\\" \\"%{URI}\\" \\"%{GREEDYDATA:useragent}\).*%{NUMBER:cookie}
{
  "server": [
    [
      "192.178.35.40"
    ]
  ],
  "website": [
    [
      "testweb.de"
    ]
  ],
  "client": [
    [
      "63.239.73.83"
    ]
  ],
  "timestamp": [
    [
      "19/Nov/2017:23:27:26 +0100"
    ]
  ],
  "MONTHDAY": [
    [
      "19"
    ]
  ],
  "MONTH": [
    [
      "Nov"
    ]
  ],
  "YEAR": [
    [
      "2017"
    ]
  ],
  "TIME": [
    [
      "23:27:26"
    ]
  ],
  "HOUR": [
    [
      "23"
    ]
  ],
  "MINUTE": [
    [
      "27"
    ]
  ],
  "SECOND": [
    [
      "26"
    ]
  ],
  "INT": [
    [
      "+0100"
    ]
  ],
  "method": [
    [
      "GET"
    ]
  ],
  "resource": [
    [
      "/service/want/teaser2/Buk/ HTTP/1.1"
    ]
  ],
  "NOTSPACE": [
    [
      "/service/want/teaser2/Buk/"
    ]
  ],
  "NUMBER": [
    [
      "1.1"
    ]
  ],
  "BASE10NUM": [
    [
      "1.1",
      "200",
      "319",
      "0"
    ]
  ],
  "response": [
    [
      "200"
    ]
  ],
  "TimeTaken": [
    [
      "319"
    ]
  ],
  "URI": [
    [
      "https://testweb.de/Suche/Buk/Bonn"
    ]
  ],
  "URIPROTO": [
    [
      "https"
    ]
  ],
  "USER": [
    [
      null
    ]
  ],
  "USERNAME": [
    [
      null
    ]
  ],
  "URIHOST": [
    [
      "testweb.de"
    ]
  ],
  "IPORHOST": [
    [
      "testweb.de"
    ]
  ],
  "HOSTNAME": [
    [
      "testweb.de"
    ]
  ],
  "IP": [
    [
      null
    ]
  ],
  "IPV6": [
    [
      null
    ]
  ],
  "IPV4": [
    [
      null
    ]
  ],
  "port": [
    [
      null
    ]
  ],
  "URIPATHPARAM": [
    [
      "/Suche/Buk/Bonn"
    ]
  ],
  "URIPATH": [
    [
      "/Suche/Buk/Bonn"
    ]
  ],
  "URIPARAM": [
    [
      null
    ]
  ],
  "useragent": [
    [
      "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html"
    ]
  ],
  "cookie": [
    [
      "0"
    ]
  ]
}
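
Added example (not part of the original question or answer): a Python regular expression doing the same field-by-field match as the grok pattern above, run against the question's log line. It goes slightly beyond the answer by capturing each quoted field up to its closing \" so a user agent that does not end in ")" still parses; the names parse, quoted, unnamed1, url and unnamed2 are hypothetical, and IPV4 is a simplified stand-in for grok's IPV4 pattern.

```python
import re

# Constructed sample: the log line from the question, keeping its literal \" sequences.
SAMPLE = (
    r'[Server 192.178.35.40] testweb.de 63.239.73.83 - - '
    r'[19/Nov/2017:23:27:26 +0100] \"GET /service/want/teaser2/Buk/ HTTP/1.1\" '
    r'200 319 \"-\" \"https://testweb.de/Suche/Buk/Bonn\" '
    r'\"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) '
    r'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile '
    r'Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\" '
    r'\"65.259.77.67\" 0'
)

Q = r'\\"'                          # regex for the two characters \" used as quotes
IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'   # simplified; does not range-check octets


def quoted(name):
    """Named group for one \\"...\\" field, ending at the first closing \\"."""
    return Q + r'(?P<%s>.*?)' % name + Q


# One entry per space-separated field, in the order they appear in the line.
PARTS = [
    r'\[Server (?P<server>%s)\]' % IPV4,
    r'(?P<website>\S+)',
    r'(?P<client>%s)' % IPV4,
    r'- -',
    r'\[(?P<timestamp>[^\]]+)\]',
    Q + r'(?P<method>[A-Z]+) (?P<resource>\S+ HTTP/[\d.]+)' + Q,
    r'(?P<response>\d{3})',
    r'(?P<timetaken>\d+)',
    quoted('unnamed1'),   # the \"-\" field; its meaning is not stated on the page
    quoted('url'),
    quoted('useragent'),
    quoted('unnamed2'),   # the last quoted field; meaning not stated on the page
    r'(?P<cookie>\d+)',
]
LINE_RE = re.compile(' '.join(PARTS))


def parse(line):
    """Return a dict of fields, or None so the caller can flag the line as
    unparsed (the role the _grokparsefailure tag plays in Logstash)."""
    m = LINE_RE.fullmatch(line)
    return m.groupdict() if m else None


if __name__ == '__main__':
    for key, value in parse(SAMPLE).items():
        print(f'{key}: {value}')
```

Unlike the grok output above, the useragent value here keeps its closing parenthesis, because the capture ends at the closing \" rather than at ")".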