用于logstash的grok的SYNTAX列表

时间:2014-05-07 16:53:47

标签: logstash logstash-grok

grok模式的语法是%{SYNTAX:SEMANTIC}。如何生成所有可用SYNTAX关键字的列表?我知道我可以使用grok调试器从文本中发现模式。但是有一个我可以浏览的列表吗?

4 个答案:

答案 0 :(得分:23)

他们在GIT中并且包含在发行版的某个地方。但在线查看它可能最简单:

https://github.com/elasticsearch/logstash/blob/v1.4.0/patterns/grok-patterns

答案 1 :(得分:1)

如果您已将Logstash作为软件包安装,可以在/ opt / logstash / patterns / grok-patterns中找到它们。

答案 2 :(得分:1)

您可以使用以下命令查看:

# find / -name patterns

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/lib/logstash/patterns

只需浏览目录

即可
# cd  /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns

这里有一整套模式

aws                   exim                  haproxy            
linux-syslog          mongodb               rails
bacula                firewalls             java                  mcollective           nagios                redis
bro                   grok-patterns         junos                 mcollective-patterns  postgresql            ruby

答案 3 :(得分:1)

grok模式文件现在位于logstash-patterns-core存储库中。 假设您在文件系统的logstash-patterns-core目录中克隆了它,您可以发出类似这样的命令来列出所有SYNTAX关键字:

$ find ./logstash-patterns-core/patterns -type f -exec awk '{print $1}' {} \; | grep "^[^#\ ]" | sort

从提交6655856开始,命令的输出(也就是SYNTAX关键字列表)看起来像这样(记住这个列表不是静态的):

BACULA_CAPACITY
BACULA_DEVICE
BACULA_DEVICEPATH
BACULA_HOST
BACULA_JOB
BACULA_LOG_ALL_RECORDS_PRUNED
BACULA_LOG_BEGIN_PRUNE_FILES
BACULA_LOG_BEGIN_PRUNE_JOBS
BACULA_LOG_CANCELLING
BACULA_LOG_CLIENT_RBJ
BACULA_LOG_DIFF_FS
BACULA_LOG_DUPLICATE
BACULA_LOG_ENDPRUNE
BACULA_LOG_END_VOLUME
BACULA_LOG_FATAL_CONN
BACULA_LOG_JOB
BACULA_LOG_JOBEND
BACULA_LOGLINE
BACULA_LOG_MARKCANCEL
BACULA_LOG_MAX_CAPACITY
BACULA_LOG_MAXSTART
BACULA_LOG_NEW_LABEL
BACULA_LOG_NEW_MOUNT
BACULA_LOG_NEW_VOLUME
BACULA_LOG_NO_AUTH
BACULA_LOG_NO_CONNECT
BACULA_LOG_NOJOBS
BACULA_LOG_NOJOBSTAT
BACULA_LOG_NOOPEN
BACULA_LOG_NOOPENDIR
BACULA_LOG_NOPRIOR
BACULA_LOG_NOPRUNE_FILES
BACULA_LOG_NOPRUNE_JOBS
BACULA_LOG_NOSTAT
BACULA_LOG_NOSUIT
BACULA_LOG_PRUNED_FILES
BACULA_LOG_PRUNED_JOBS
BACULA_LOG_READYAPPEND
BACULA_LOG_STARTJOB
BACULA_LOG_STARTRESTORE
BACULA_LOG_USEDEVICE
BACULA_LOG_VOLUME_PREVWRITTEN
BACULA_LOG_VSS
BACULA_LOG_WROTE_LABEL
BACULA_TIMESTAMP
BACULA_VERSION
BACULA_VOLUME
BASE10NUM
BASE16FLOAT
BASE16NUM
BIND9
BIND9_TIMESTAMP
BRO_CONN
BRO_DNS
BRO_FILES
BRO_HTTP
CATALINA_DATESTAMP
CATALINALOG
CISCO_ACTION
CISCO_DIRECTION
CISCOFW104001
CISCOFW104002
CISCOFW104003
CISCOFW104004
CISCOFW105003
CISCOFW105004
CISCOFW105005
CISCOFW105008
CISCOFW105009
CISCOFW106001
CISCOFW106006_106007_106010
CISCOFW106014
CISCOFW106015
CISCOFW106021
CISCOFW106023
CISCOFW106100
CISCOFW106100_2_3
CISCOFW110002
CISCOFW302010
CISCOFW302013_302014_302015_302016
CISCOFW302020_302021
CISCOFW304001
CISCOFW305011
CISCOFW313001_313004_313008
CISCOFW313005
CISCOFW321001
CISCOFW402117
CISCOFW402119
CISCOFW419001
CISCOFW419002
CISCOFW500004
CISCOFW602303_602304
CISCOFW710001_710002_710003_710005_710006
CISCOFW713172
CISCOFW733100
CISCO_INTERVAL
CISCOMAC
CISCO_REASON
CISCOTAG
CISCO_TAGGED_SYSLOG
CISCOTIMESTAMP
CISCO_XLATE_TYPE
CLOUDFRONT_ACCESS_LOG
COMBINEDAPACHELOG
COMMONAPACHELOG
COMMONMAC
CRON_ACTION
CRONLOG
DATA
DATE
DATE_EU
DATESTAMP
DATESTAMP_EVENTLOG
DATESTAMP_OTHER
DATESTAMP_RFC2822
DATESTAMP_RFC822
DATE_US
DAY
ELB_ACCESS_LOG
ELB_REQUEST_LINE
ELB_URI
ELB_URIPATHPARAM
EMAILADDRESS
EMAILLOCALPART
EXIM_DATE
EXIM_EXCLUDE_TERMS
EXIM_FLAGS
EXIM_HEADER_ID
EXIM_INTERFACE
EXIM_MSGID
EXIM_MSG_SIZE
EXIM_PID
EXIM_PROTOCOL
EXIM_QT
EXIM_REMOTE_HOST
EXIM_SUBJECT
GREEDYDATA
HAPROXYCAPTUREDREQUESTHEADERS
HAPROXYCAPTUREDRESPONSEHEADERS
HAPROXYDATE
HAPROXYHTTP
HAPROXYHTTPBASE
HAPROXYTCP
HAPROXYTIME
HOSTNAME
HOSTPORT
HOUR
HTTPD20_ERRORLOG
HTTPD24_ERRORLOG
HTTPDATE
HTTPD_COMBINEDLOG
HTTPD_COMMONLOG
HTTPDERROR_DATE
HTTPD_ERRORLOG
HTTPDUSER
INT
IP
IPORHOST
IPV4
IPV6
ISO8601_SECOND
ISO8601_TIMEZONE
JAVACLASS
JAVACLASS
JAVAFILE
JAVAFILE
JAVALOGMESSAGE
JAVAMETHOD
JAVASTACKTRACEPART
JAVATHREAD
LOGLEVEL
MAC
MAVEN_VERSION
MCOLLECTIVE
MCOLLECTIVEAUDIT
MCOLLECTIVEAUDIT
MINUTE
MONGO3_COMPONENT
MONGO3_LOG
MONGO3_SEVERITY
MONGO_LOG
MONGO_QUERY
MONGO_SLOWQUERY
MONGO_WORDDASH
MONTH
MONTHDAY
MONTHNUM
MONTHNUM2
NAGIOS_CURRENT_HOST_STATE
NAGIOS_CURRENT_SERVICE_STATE
NAGIOS_EC_DISABLE_HOST_CHECK
NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_DISABLE_SVC_CHECK
NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_CHECK
NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_SVC_CHECK
NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_CHECK
NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_SVC_CHECK
NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_CHECK
NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_SVC_CHECK
NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME
NAGIOS_HOST_ALERT
NAGIOS_HOST_DOWNTIME_ALERT
NAGIOS_HOST_EVENT_HANDLER
NAGIOS_HOST_FLAPPING_ALERT
NAGIOS_HOST_NOTIFICATION
NAGIOSLOGLINE
NAGIOS_PASSIVE_HOST_CHECK
NAGIOS_PASSIVE_SERVICE_CHECK
NAGIOS_SERVICE_ALERT
NAGIOS_SERVICE_DOWNTIME_ALERT
NAGIOS_SERVICE_EVENT_HANDLER
NAGIOS_SERVICE_FLAPPING_ALERT
NAGIOS_SERVICE_NOTIFICATION
NAGIOSTIME
NAGIOS_TIMEPERIOD_TRANSITION
NAGIOS_TYPE_CURRENT_HOST_STATE
NAGIOS_TYPE_CURRENT_SERVICE_STATE
NAGIOS_TYPE_EXTERNAL_COMMAND
NAGIOS_TYPE_HOST_ALERT
NAGIOS_TYPE_HOST_DOWNTIME_ALERT
NAGIOS_TYPE_HOST_EVENT_HANDLER
NAGIOS_TYPE_HOST_FLAPPING_ALERT
NAGIOS_TYPE_HOST_NOTIFICATION
NAGIOS_TYPE_PASSIVE_HOST_CHECK
NAGIOS_TYPE_PASSIVE_SERVICE_CHECK
NAGIOS_TYPE_SERVICE_ALERT
NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT
NAGIOS_TYPE_SERVICE_EVENT_HANDLER
NAGIOS_TYPE_SERVICE_FLAPPING_ALERT
NAGIOS_TYPE_SERVICE_NOTIFICATION
NAGIOS_TYPE_TIMEPERIOD_TRANSITION
NAGIOS_WARNING
NETSCREENSESSIONLOG
NONNEGINT
NOTSPACE
NUMBER
PATH
POSINT
POSTGRESQL
PROG
QS
QUOTEDSTRING
RAILS3
RAILS3FOOT
RAILS3HEAD
RAILS3PROFILE
RCONTROLLER
REDISLOG
REDISMONLOG
REDISTIMESTAMP
RPROCESSING
RT_FLOW1
RT_FLOW2
RT_FLOW3
RT_FLOW_EVENT
RUBY_LOGGER
RUBY_LOGLEVEL
RUUID
S3_ACCESS_LOG
S3_REQUEST_LINE
SECOND
SFW2
SHOREWALL
SPACE
SQUID3
SYSLOG5424BASE
SYSLOG5424LINE
SYSLOG5424PRI
SYSLOG5424PRINTASCII
SYSLOG5424SD
SYSLOGBASE
SYSLOGBASE2
SYSLOGFACILITY
SYSLOGHOST
SYSLOGLINE
SYSLOGPAMSESSION
SYSLOGPROG
SYSLOGTIMESTAMP
TIME
TIMESTAMP_ISO8601
TOMCAT_DATESTAMP
TOMCATLOG
TTY
TZ
UNIXPATH
URI
URIHOST
URIPARAM
URIPATH
URIPATHPARAM
URIPROTO
URN
USER
USERNAME
UUID
WINDOWSMAC
WINPATH
WORD
YEAR