我有这个日志。我想用grok解析它。
2017-05-29 00:00:12,145 INFO Identity:UserID=null;Correlation:BPID=null,BSID=f4dbd7f5-94e5-4c9d-bde6-ef0b6b0c6203,MID=null,PID=1494396441974578728;BUSINESS:InkassoService;2017_1;gibZahlstatus;231;OK;PID:1494396441974578728;UserID:xv86e0p;Channel:rv24;IDs:;ESBExecution:pid=1494396441975960958,workflow=Public/InkassoService/2017_1/gibZahlstatus/gibZahlstatus.wrf,status=1,proxyduration=200,workflowduration=200;
我尝试过这种模式但没有结果:
%{TIMESTAMP_ISO8601:timestamp},\s*%{INT}\s*%{LOGLEVEL:log-level} :%{WORD:Identity}\S+%{WORD};:%{WORD:Correlation}\S+%{WORD},(?<BSID>[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12},(?<MID>[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}),(?<PID>[A-Fa-f0-9]{18});
:%{WORD:BUSINESS};%{YEAR}_%{INT};%{NOTSPACE:RUF};%{NUMBER:server_response};%{NOTSPACE:termination_state};(?<PID>[A-Fa-f0-9]{18});(:%{HOSTNAME:UserID});(:%{HOSTNAME:Channel});%{NOTSPACE:IDS};:%{WORD:ESBExecution}\S+%{WORD},%{WORD}\S+%{URIPATH:uri},%{NUMBER:status},(?:%{BASE10NUM:workflowduration});(?:%{BASE10NUM:proxyduration})