任何人都可以帮我从以下日志中提取日志log-level -
2017-05-16 11:52:37,962|DEBUG|logging.WorkerThread|pool-2-thread-1|RequestId:31|ServiceInstanceId:31|VirtualServerName:31|ServiceName:31|InstanceUUID:31|AlertSeverity:31|ServerIPAddress:31|ServerFQDN:31|RemoteHost:31|ClassName:31|Timer:31| This is debug
我使用波纹管模式生成它 -
value="%date{ISO8601,UTC}|%.-5level|%logger|%thread|%X{LogType}|%X{Component}|%X{RequestId}|%X{ServiceInstanceId}|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
我期待这样的事情 -
{
"message" => "2017-05-16 11:52:37,962|DEBUG|logging.WorkerThread|pool-2-thread-1|RequestId:31|ServiceInstanceId:31|VirtualServerName:31|ServiceName:31|InstanceUUID:31|AlertSeverity:31|ServerIPAddress:31|ServerFQDN:31|RemoteHost:31|ClassName:31|Timer:31| This is debug",
"timestamp" => "2017-05-16 11:52:37,962",
"log-level" => "DEBUG",
}
答案 0 :(得分:1)
尝试以下模式:
%{TIMESTAMP_ISO8601:Data}\|%{WORD:LogLevel}\|%{NOTSPACE:WorkerThread}\|pool\-%{WORD:PoolNumber}\-thread\-%{WORD:ThreadNumber}\|RequestId\:%{NUMBER:RequestId}\|ServiceInstanceId\:%{NUMBER:ServiceInstance}\|VirtualServerName\:%{NUMBER:VirtualServerName}\|ServiceName\:%{NUMBER:ServiceName}\|InstanceUUID\:%{NUMBER:InstanceUUID}\|AlertSeverity\:%{NUMBER:AlertSeverity}\|ServerIPAddress\:%{NUMBER:ServerIPAddress}\|ServerFQDN\:%{NUMBER:ServerFQDN}\|RemoteHost\:%{NUMBER:RemoteHost}\|ClassName\:%{NUMBER:ClassName}\|Timer\:%{NUMBER:Timer}\|%{GREEDYDATA:Text}
这将提取您的所有字段。基于给出的日志行示例。