我想使用logstash发送我的日志,所以我下载了logstash1.5.0 rc2并在ubuntu中运行它使用命令:
bin/logstash -f test.conf
然后控制台显示错误:
The error reported is:
**target of repeat operator is not specified:** /;(?<Args:method>*);(?<INT:traceid:int>(?:[+-]?(?:[0-9]+)));(?<INT:sTime:int>(?:[+-]?(?:[0-9]+)));(?<INT:eTime:int>(?:[+-]?(?:[0-9]+)));(?<HOSTNAME:hostname>\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b));(?<INT:eoi:int>(?:[+-]?(?:[0-9]+)));(?<INT:ess:int>(?:[+-]?(?:[0-9]+)));(?<Args:args>*)/m
我不知道如何解决这个错误,可能是你可以帮助我。
我的test.conf如下:
input { stdin { } }
filter {
grok {
match => ["message" , "%{INT:type}"]}
if [type]=="10" {
grok {
patterns_dir => "./patterns"
match => ["message" , ";%{Args:method};%{INT:traceid:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};%{Args:args}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type] =~ /3[1-6]/ {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{Args:method};%{Args:sessionid};%{INT:traceID:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};URL{%{HttpField:url}};RequestHeader{%{HttpField:ReqHeader}};RequestPara{%{HttpField:ReqPara}};RequestAttr{%{HttpField:ReqAttr}};SessionAttr{%{HttpField:SessionAttr}};ResponseHeader{%{HttpField:ResHeader}}"]
}
kv {
source => "ReqHeader"
field_split => ";"
value_split => ":"
target => "ReqHeader"
}
kv {
source => "ResHeader"
field_split => ";"
value_split => ":"
target => "ResHeader"
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type] == "30" {
grok {
patterns_dir => "./patterns"
match => [ "message" ,";%{Args:method};%{Args:sessionid};%{INT:traceID:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};URL{%{HttpField:url}};RequestHeader{%{HttpField:ReqHeader}};RequestPara{%{HttpField:ReqPara}};RequestAttr{%{HttpField:ReqAttr}};SessionAttr{%{HttpField:SessionAttr}}"
]
}
kv {
source => "ReqHeader"
field_split => ";"
value_split => ":"
target => "ReqHeader"
}
kv {
source => "ResHeader"
field_split => ";"
value_split => ":"
target => "ResHeader"
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type]=="20" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{Args:method};%{INT:traceID:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};%{INT:mtype};%{Args:DBUrl}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type]=="21" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{Args:method};%{INT:traceID:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};%{INT:mtype};%{Args:sql};%{Args:bindVariables}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type]=="12" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{Args:method};%{INT:traceID:int};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};%{Args:logStack}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type]=="11" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{Args:method};%{INT:traceID};%{INT:sTime:int};%{INT:eTime:int};%{HOSTNAME:hostname};%{INT:eoi:int};%{INT:ess:int};%{Args:errorStack}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
ruby {
code => "event['duration'] = event['eTime'] - event['sTime']"
}
}
if [type]=="50" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{INT:sTime:int};%{HOSTNAME:host};%{Args:JVMName};%{Args:GCName};%{INT:count:int};%{INT:time:int}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
}
if [type]=="51" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{INT:sTime:int};%{HOSTNAME:host};%{Args:JVMName};%{INT:maxheap};%{INT:currentheap};%{INT:commitheap};%{INT:iniheap};%{INT:maxnonheap};%{INT:currentnonheap};%{INT:commitnonheap};%{INT:ininonheap}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
}
if [type]=="52" {
grok {
patterns_dir => "./patterns"
match => [ "message" , ";%{INT:sTime:int};%{HOSTNAME:host};%{Args:JVMName};%{Args:iniloadedclasses};%{Args:currentloadedclasses};%{Args:iniunloadedclasses}"]
}
date {
match => [ "sTime" , "UNIX_MS" ]
}
}
}
output {
elasticsearch { host => "127.2.96.1"
protocol => "http"
port => "8080" }
stdout { codec => rubydebug
}
}