log4j grok与管道失败

时间:2017-10-18 23:40:38

标签: java log4j logstash logstash-grok

我需要格式化下一个日志格式的grok输入

[#|2017-10-12T07:40:16.232-0700|INFO|sun-appserver2.1|RugDaemonCMLog|_ThreadID=17;_ThreadName=Thread-25;|Wake Up!!#]

[#|2017-10-12T07:40:16.241-0700|INFO|sun-appserver2.1|RugDaemonCMLog|_ThreadID=17;_ThreadName=Thread-25;|--Don't have a work in batch|#]

[#|2017-10-12T07:40:16.241-0700|INFO|sun-appserver2.1|RugDaemonCMLog|_ThreadID=17;_ThreadName=Thread-25;|go to sleep!|#]

[#|2017-10-12T07:40:16.567-0700|INFO|sun-appserver2.1|RugProject|_ThreadID=16;_ThreadName=Thread-23;| sleep---|#]

[#|2017-10-12T07:40:16.568-0700|INFO|sun-appserver2.1|RugProject|_ThreadID=16;_ThreadName=Thread-23;|Sending Mail|#]

[#|2017-10-12T07:40:16.569-0700|INFO|sun-appserver2.1|RugProject|_ThreadID=16;_ThreadName=Thread-23;|--lookup--|#]

我的log4j文件中有以下sintax 

log4j.appender.file.datePattern='.'yyyy-MM-dd_HH_mm
log4j.appender.file.MaxFileSize=10MB
log4j.appender.file.MaxBackupIndex=100
log4j.appender.file.encoding=UTF-8
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{dd-MM-yyyy HH:mm:ss} %-5p %c{1}:%L - %m%n
在线调试器

尝试这种格式

%{TIMESTAMP_ISO8601:logdate}\|%{LOGLEVEL:loglevel}|%{WORD:caller}\|%{NONNEGINT:line} - %{GREEDYDATA:message}$

该格式解析日期和日志级别信息,但不解析调用者和线程信息

1 个答案:

答案 0 :(得分:0)

使用此:

%{TIMESTAMP_ISO8601:logdate}\|%{LOGLEVEL:loglevel}\|%{DATA:caller}\|%{DATA:line}\|_ThreadID=%{DATA:threadid};_ThreadName=%{DATA:threadname}\|%{GREEDYDATA:message}\|%{GREEDYDATA:fin}$
相关问题
最新问题