I'm trying (and failing) to get custom patterns to work with logstash 2.4.0. Here is the relevant part of the conf file:
#some parsing happens above...
grok {
  patterns_dir => ["/config_dir/patterns"]
  match => [ "syslog_message", "%{QID:qid}:" ]
}
(full config at the end) - the patterns directory contains only the file sendmail.grok:
#########
QID a
Running this I get (reformatted exception):
{:exception=>"Grok::PatternError",
:backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.3/lib/grok-pure.rb:123:in `compile'",
"org/jruby/RubyKernel.java:1479:in `loop'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.3/lib/grok-pure.rb:93:in `compile'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:264:in `register'",
"org/jruby/RubyArray.java:1613:in `each'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:259:in `register'",
"org/jruby/RubyHash.java:1342:in `each'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:255:in `register'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:182:in `start_workers'",
"org/jruby/RubyArray.java:1613:in `each'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:182:in `start_workers'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"],
:level=>:error,
:file=>"logstash/agent.rb",
:line=>"493",
:method=>"start_pipeline"
}
This exception doesn't change with the content of patterns/sendmail.grok. It is a PatternError, but it doesn't tell me where/why the error happened. However, if I comment out the match line, everything is fine (sample output below):
{
  "message" => "Oct 25 13:18:27 alpha opendkim[1160]: u9PBIMwu011394: authsmtp79.register.it [195.110.122.164] not internal",
  "@version" => "1",
  "@timestamp" => "2016-10-25T11:25:35.072Z",
  "path" => "/log/maillog",
  "host" => "93fe70f98023",
  "syslog_severity_code" => 5,
  "syslog_facility_code" => 1,
  "syslog_facility" => "user-level",
  "syslog_severity" => "notice",
  "tags" => [
    [0] "syslog_message_unparsed",
    [1] "syslog_relay"
  ],
  "syslog_timestamp" => "Oct 25 13:18:27",
  "syslog_host" => "alpha",
  "program" => "opendkim",
  "pid" => "1160",
  "syslog_message" => "u9PBIMwu011394: authsmtp79.register.it [195.110.122.164] not internal",
  "syslog_fullhost" => "alpha"
}
Ideas?
TIA, ALF
Full config:
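Answer 0 (score: 0)
I think the exception points to a problem with the grok filter match. You can change your match and check:
grok {
  patterns_dir => [""]
  match => { "message" => "" }
}
Before actually using them in the conf file, you can try testing your grok filters here.
Source: grok
Answer 1 (score: 0)
OK, so it seems there was a problem with the environment hosting my docker container (a CentOS7 VM). I rebuilt the same environment on an FC24 (non-VM) machine (newer docker, same container, etc.), and the exception went away.
Lessons learned:
Thanks to all those who bothered to (even) read this and waste their time.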
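An added example (not from the original post and not Logstash code): a Ruby pre-flight check, run inside the same container, that confirms a patterns_dir is readable there and that every %{NAME} used in a match expression is defined in it. The function names and the QID regex in the sample file are assumptions; names defined only in Logstash's bundled patterns are not loaded here and would be reported as undefined.

```ruby
require "tmpdir"

# Load every file in a grok patterns directory: one "NAME regex" per line,
# blank lines and '#' comments skipped. Returns [patterns, problems].
def load_patterns(dir)
  unless File.directory?(dir) && File.readable?(dir)
    return [{}, ["patterns_dir #{dir} is missing or unreadable"]]
  end
  patterns, problems = {}, []
  Dir.glob(File.join(dir, "*")).sort.each do |path|
    next unless File.file?(path)
    next problems << "cannot read #{path}" unless File.readable?(path)
    File.foreach(path) do |raw|
      name, regex = raw.strip.split(/\s+/, 2)
      next if name.nil? || name.start_with?("#")
      if regex.nil?
        problems << "#{path}: #{name} has no regex"
      else
        patterns[name] = regex
      end
    end
  end
  [patterns, problems]
end

# Names referenced as %{NAME} or %{NAME:field} that resolve to nothing,
# following nested references; `seen` guards against cyclic definitions.
def undefined_refs(expr, patterns, seen = {})
  expr.scan(/%\{(\w+)(?::[^}]*)?\}/).flatten.uniq.flat_map do |name|
    next [] if seen[name]
    seen[name] = true
    patterns.key?(name) ? undefined_refs(patterns[name], patterns, seen) : [name]
  end
end

# Problems found for `expr` against the patterns loaded from `dir`.
def preflight(dir, expr)
  patterns, problems = load_patterns(dir)
  problems + undefined_refs(expr, patterns).map { |n| "pattern %{#{n}} not defined" }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Constructed sample file; this QID regex is hypothetical.
    File.write(File.join(dir, "sendmail.grok"), "# sendmail\nQID [0-9A-Za-z]{14}\n")
    p preflight(dir, "%{QID:qid}:")
    p preflight(File.join(dir, "missing"), "%{QID:qid}:")
  end
end
```

An empty result means the directory and the referenced pattern are both visible from where the script runs.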