解析JSON日志和多行java异常

时间:2017-04-11 06:12:17

标签: elasticsearch logging logstash multiline logstash-configuration

我有一个以下的JSON日志文件



 
{"log":"2017-04-11 05:13:14.623  INFO 1 --- [io-8888-exec-30] .PersistenceArtifactGeneratorServiceImpl : Started generating service artifacts...\n","stream":"stdout","time":"2017-04-11T05:13:14.719142624Z"}
{"log":"java.lang.NullPointerException\n","stream":"stderr","time":"2017-04-11T05:13:14.72874145Z"}
{"log":"\u0009at com.dharbor.set.fusion.modelservice.service.impl.PersistenceArtifactGeneratorServiceImpl.extractEntityNames(PersistenceArtifactGeneratorServiceImpl.java:145)\n","stream":"stderr","time":"2017-04-11T05:13:14.728919982Z"}




因为我有3行日志,我试图用

解析这个json



 
input {
  file {
    type => "json"
    codec => multiline
    {
      pattern => '^\{'
      negate => true
      what => previous                
    }
    start_position => "beginning"
    sincedb_path => "/dev/null"
    path => ["/host/var/log/jsonlog.log"]
    exclude => "*.gz"
  }
}

filter {
  mutate
  {
    replace => [ "message", "%{message}}" ]
    gsub => [ 'message','\n','']
  }
  if [message] =~ /^{.*}$/ 
  {
    json
    {
      source => message
      remove_field => [ "message" ]
    }
  }
}

output
{   
  elasticsearch {
    codec => json
    hosts => "localhost:9200"
  }
  stdout {
    codec => rubydebug
  }
}




我想将最后2个日志条目合并到一个索引中,并将第一个条目合并为一个条目。我已经尝试了上面的logstasgh.conf,但它没有用 寻求帮助,对不起,如果我错误地将代码作为片段发布,因为我是新手。

0 个答案:

没有答案
相关问题
最新问题