Regex Logstash grok模式要过滤相当长的日志行,请添加忽略
这是一条记录线Regex Logstash grok模式要过滤相当长的日志行,请添加忽略,regex,expression,logstash,grok,Regex,Expression,Logstash,Grok,这是一条记录线 2015-10-05 12:04:19.199 INFO 4808 --- [metrics-logger-reporter-2-thread-1] com.example.metrics : type=TIMER, name=demo.ws.rest.controllers.ItemController.getAllItems, count=0, min=0.0, max=0.0, mean=0.0, stddev=0.0, medi
2015-10-05 12:04:19.199 INFO 4808 --- [metrics-logger-reporter-2-thread-1] com.example.metrics : type=TIMER, name=demo.ws.rest.controllers.ItemController.getAllItems, count=0, min=0.0, max=0.0, mean=0.0, stddev=0.0, median=0.0, p75=0.0, p95=0.0, p98=0.0, p99=0.0, p999=0.0, mean_rate=0.0, m1=0.0, m5=0.0, m15=0.0, rate_unit=events/second, duration_unit=milliseconds
"message" => "%{TIMESTAMP_ISO8601:time}%{SPACE}%{WORD}%{SPACE}%{NUMBER}%{SPACE}%{NOTSPACE}%{SPACE}%{NOTSPACE}%{SPACE}%{NOTSPACE}%{SPACE}%{NOTSPACE}%{SPACE}%{WORD}%{NOTSPACE}%{WORD:metrictype}%{NOTSPACE}%{SPACE}%{WORD:vardspirms}%{DATA:pirms}%{JAVAFILE:javafilename}%{NOTSPACE:peec}%{SPACE}%{WORD}%{NOTSPACE}%{NUMBER:count}%{GREEDYDATA:debuginfo}"
而且它看起来很长,效率很低,而且很糟糕。我想知道,我如何才能添加忽略内格罗克。所以我可以忽略信息和类型之间的所有内容。对不起,我的英语不是母语。我找到了一个非常方便的解决办法
kv {
source => "debuginfo" # new field generated by grok before
field_split => ", " # split fields by semicolon
}
debuginfo中的所有内容似乎都很好。如果有人可以添加一个链接来解释更多的内容,我们将不胜感激:)