我的Grok过滤器是这样的:
grok {
match => ["message", "%{TIMESTAMP_ISO8601} Thread:'(?<thread>[^']+)' Level:'%{LOGLEVEL:log-level}' Message:%{GREEDYDATA:information}"]
这在输出中工作正常:
slack
{
url => "https://hooks.slack.com/services/XXXXXXXX/XXXXXXXX/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
format => "%{log-level} at %{@timestamp} on %{type} \n\n Message: %{information}"
}
附件不起作用,\n也不会破坏线条,它只是在Slack中显示为\ n
我的错误消息日志是多行的大块文本,所以我真的想做这样的事情,这是不行的:
slack
{
url => "https://hooks.slack.com/services/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"
format => "%{log-level} at %{@timestamp} on %{type} with IP:%{host}"
attachments => "Message: %{information}"
}