我有一个如下所述的日志文件。我想使用logstash解析此文件。
2015-06-10 05:11:37,799 [good][status] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
我想解析上面的文件,如以下字段格式
@timestamp - 2015-06-10 05:11:37,799
Quality - good
Status- Pass
Details - ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
我想继续这一步直到文件结束我使用了grok表达式grokparse失败,因为日志信息包含很多行。我希望格罗克将逐行申请。
我想将信息解析为像这样的单独事件作为一个事件
2015-06-10 05:11:37,799 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
Exception Occured1
]
这是另一个事件
2015-06-10 05:36:35,517 [50][ERROR] [ErrorAttribute - AN EXCEPTION OCCURED:
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
Exception DiffernetOccured1
]
如何在Logstash过滤器中实现此目的。
答案 0 :(得分:2)
您需要使用多行编解码器或过滤器将这些行组合成一个事件进行处理。
答案 1 :(得分:-1)
我使用多行过滤器将消息分组为单个事件,并使用拆分过滤器,我分成许多事件并在Logstash中解析信息。
感谢@Alain的建议。