Grokparsefailure when grokking logs

Time: 2015-08-13 07:22:49

Tags: logstash logstash-grok

I am running into grokparsefailure issues with my logs; when I try matching them at http://grokdebug.herokuapp.com/ they work fine.

Sample log:

08/13/2015 07:08:11 AM - WARNING - MainProcess - 31186 - agentmgr.views.session - save_session - Agent client got connected 98aa75fe-0ea3-11e5-9329-02add7aa4bff

Grok pattern:

if [category] == 'celery-logs' {
  grok {
    patterns_dir => "/opt/logstash-1.4.2/patterns"
    match => [ "messagee", "%{CELERY}" ]
  }
}

I have created custom celery log patterns in the patterns folder under the name celery; below are the patterns:

DATESTAMP_12HOUR %{DATESTAMP} (AM|PM)
CELERY %{DATESTAMP_12HOUR} - %{GREEDYDATA}

On the Logstash page, I am getting logs as below:

Please help me identify the issue.

1 Answer:

Answer 0 (score: 2)

It's your typo - your match statement has "messagee" when it should have "message".
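The following is an added example, not code from the question or the answer: a small Python model of the situation, showing that the custom patterns match the sample line (which is why the online debugger succeeds) while the filter's match statement names a field the event does not have. The `DATESTAMP` and `GREEDYDATA` definitions are simplified stand-ins for Logstash's stock patterns, the event's field layout is assumed, and `expand`, `grok` and `diagnose` are hypothetical helper names.

```python
import re

# Patterns from the question's "celery" file, plus simplified stand-ins for the
# stock DATESTAMP and GREEDYDATA patterns (assumed, not Logstash's real definitions).
PATTERNS = {
    "DATESTAMP_12HOUR": r"%{DATESTAMP} (AM|PM)",
    "CELERY": r"%{DATESTAMP_12HOUR} - %{GREEDYDATA}",
    "DATESTAMP": r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}",
    "GREEDYDATA": r".*",
}
# The match line from the question's filter, typo included.
CONFIG = 'match => [ "messagee", "%{CELERY}" ]'
# Constructed event: the field names are assumed, the text is the question's sample log.
EVENT = {
    "category": "celery-logs",
    "message": "08/13/2015 07:08:11 AM - WARNING - MainProcess - 31186 - "
               "agentmgr.views.session - save_session - Agent client got "
               "connected 98aa75fe-0ea3-11e5-9329-02add7aa4bff",
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")
MATCH = re.compile(r'match\s*=>\s*\[\s*"([^"]+)"\s*,\s*"([^"]+)"\s*\]')

def expand(pattern, seen=()):
    """Recursively turn %{NAME} and %{NAME:field} references into a plain regex."""
    def sub(m):
        name, field = m.groups()
        if name in seen or name not in PATTERNS:
            raise ValueError(f"undefined or cyclic grok pattern: {name}")
        body = expand(PATTERNS[name], seen + (name,))
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return REF.sub(sub, pattern)

def grok(event, field, pattern):
    """Return 'ok', 'no_match' or 'no_such_field' for one match statement."""
    if field not in event:
        return "no_such_field"
    return "ok" if re.search(expand(pattern), event[field]) else "no_match"

def diagnose(config, event):
    """Check every match statement in a filter snippet against a sample event."""
    return [(f, p, grok(event, f, p)) for f, p in MATCH.findall(config)]

if __name__ == "__main__":
    for field, pattern, status in diagnose(CONFIG, EVENT):
        print(f"{field!r} {pattern!r}: {status}")
    print("pattern on message:", grok(EVENT, "message", "%{CELERY}"))
```

Running `diagnose` on a filter snippet together with one representative event separates a pattern problem (`no_match`) from a field-name problem (`no_such_field`), which a pattern-only debugger cannot tell apart.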