试图为我的日志创建grok模式,但不确定如何逃避特殊的字符

时间:2016-01-22 11:00:30

标签: logstash logstash-grok grok logstash-configuration logstash-file 

07:40:28,339 INFO  [org.sprinframework.web.context.ContxtLoader] (ServerService Thread Pool -- 672)  WebApplicationContext: initialization started

我写了这样的模式

grok { 
      match => { "message" => "%{TIME:timestamp}%{SPACE}%{WORD:loglevel}%{SPACE}%{DATA:classname}%{SPACE}%{DATA:url}{THREADPOOL:thread}%{SPACE}%{DATA:logs}" }

}

1 个答案:

答案 0 :(得分:0)

你需要的grok模式是:

%{TIME:timestamp}%{SPACE}%{LOGLEVEL:level}%{SPACE}\[(?<logger>[^\]]+)\]%{SPACE}\((?<thread>[^)]+)\)%{SPACE}%{GREEDYDATA:message}
相关问题
最新问题