以下是我的配置文件:
filter {
if [type] == "syslog" {
multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
max_age => 7
add_tag => [ "multiline" ] }
grok {
break_on_match => false
match => { "message" => "%{TIMESTAMP_ISO8601:logTime} %{LOGLEVEL:LogLevel} \[%{NOTSPACE:logClass}\] %{GREEDYDATA:LogMsg}" }
match => ["message", "(.*Caused by: +%{GREEDYDATA:causedBy}$)?"]
}
date {
match => [ "logTime" , "yyyyMMdd-HH:mm:ss.SSSZ", "ISO8601" ]
timezone => "UTC"
}
}
}
我的日志:
2014-01-29 11:06:48,384 ERROR [de.Fm.Radium.Thorium.server.bean3.vollinfo.VollinfoTransformer] A sequence of more than one item is not allowed as the third argument of c$
net.sf.saxon.trans.DynamicError: A sequence of more than one item is not allowed as the third argument of concat()
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
Caused by: com.amazonaws.AmazonClientException: Unable to calculate a request signature: Empty key
at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:776)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:170)
Caused by: com.amazonaws.AmazonClientException: Unable to calculate a request signature: Empty key
at com.amazonaws.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:90)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:68)
2014-01-29 11:06:48,383 ERROR [stderr] XPTY0004: A sequence of more than one item is not allowed as the third argument of concat()
我需要捕获的是整个行,以'引起'直到换行符开头。 我的问题是,我只捕获了最后一个(引起)