I am learning Logstash and I am trying to read a file and write the output into another file. The log file format is:
LogName : System
LogName : System
Here is the conf file:
input {
  file {
    path => "<mypath>\wineventlog.txt"
    type => 'eventlog'
  }
}
filter {
  if "eventlog" in [type] {
    grok {
      match => { 'message' => 'LogName\W+(?<LogName>[A-Za-z]{0,})' }
    }
  }
}
output {
  file {
    path => "<mypath>\output.txt"
  }
}
But when I run it, the output file is:
{"path":"<mypath>\\wineventlog.txt","@timestamp":"2017-04-11T16:17:40.732Z","@version":"1","host":"INFARSZB11617","message":"\u0000L\u0000o\u0000g\u0000N\u0000a\u0000m\u0000e\u0000 \u0000 \u0000 \u0000 \u0000 \u0000 \u0000:\u0000 \u0000S\u0000y\u0000s\u0000t\u0000e\u0000m\u0000\r\u0000","type":"eventlog","tags":["_grokparsefailure"]}
{"path":"<mypath>\\wineventlog.txt","@timestamp":"2017-04-11T16:17:40.748Z","@version":"1","host":"INFARSZB11617","message":"\u0000\r\u0000","type":"eventlog","tags":["_grokparsefailure"]}
Please guide me on what to do here. FYI, I tried removing the filter from the conf file, and then I did not get any output file at all.
Thanks, Debashree
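Added example (not part of the post above or of Logstash itself): the \u0000 between every letter of the message field is the fingerprint of a UTF-16LE text file being read as UTF-8, which is why the literal LogName in the grok pattern never matches. The script below rebuilds the two sample lines as a UTF-16LE file (constructed input), applies the question's own pattern the way the file input splits events, and shows the same pattern succeeding once the bytes are decoded with the detected charset; the function names are my own.

```python
import re

# The grok pattern from the question, as an equivalent Python named-group regex.
GROK_PATTERN = re.compile(r"LogName\W+(?P<LogName>[A-Za-z]{0,})")

# Constructed sample: the two "LogName : System" lines from the question, stored the way
# a Windows redirect of PowerShell output usually writes them: UTF-16LE, BOM, CRLF.
SAMPLE_LOG = "\ufeffLogName      : System\r\nLogName      : System\r\n".encode("utf-16-le")


def detect_utf16(data):
    """Return 'utf-16-le' / 'utf-16-be' when a BOM or null interleaving is seen, else None.
    A null byte in every other position is what shows up as \\u0000 in the question's events."""
    if data.startswith(b"\xff\xfe"):
        return "utf-16-le"
    if data.startswith(b"\xfe\xff"):
        return "utf-16-be"
    sample = data[:64]
    if len(sample) >= 8 and sample[1::2].count(0) == len(sample[1::2]):
        return "utf-16-le"
    if len(sample) >= 8 and sample[0::2].count(0) == len(sample[0::2]):
        return "utf-16-be"
    return None


def grok_messages(data, charset="utf-8"):
    """Decode, split into line events like the file input does, and apply the pattern.
    Returns the captured LogName per event, or '_grokparsefailure' when it does not match.
    With the default UTF-8 charset a UTF-16 file yields 'L\\x00o\\x00g...' messages."""
    text = data.decode(charset, errors="replace").lstrip("\ufeff")
    results = []
    for line in text.split("\n"):
        if line == "":
            continue  # empty remainder after the final newline, not an event
        match = GROK_PATTERN.search(line)
        results.append(match.group("LogName") if match else "_grokparsefailure")
    return results


def grok_with_detected_charset(data):
    """Decode with the detected encoding before grokking. The Logstash equivalent is to set
    the file input's plain codec charset (e.g. "UTF-16LE") rather than to change the pattern."""
    return grok_messages(data, detect_utf16(data) or "utf-8")


if __name__ == "__main__":
    print(grok_messages(SAMPLE_LOG))               # 3 x '_grokparsefailure', as in the question
    print(grok_with_detected_charset(SAMPLE_LOG))  # ['System', 'System']
```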