Logstash多行编解码器无法识别该模式

时间:2018-05-15 12:59:32

标签: logstash logstash-configuration logstash-file

我试图使用Logstash解析每行分隔多个日志消息的日志文件,但是没有做到。

我的logstash配置文件如下:

 file{
                path=> "/home/vm01/Documents/csb-demo/csb-result.txt"
                type=>"csb-alert"
                start_position => "beginning"
                sincedb_path=>"/home/vm01/Documents/sincedb_redefined2"
                codec => multiline
                {
                        pattern => '^\}'
                        negate => true
                        what => previous
                }
        }

日志文件如下所示:

OutOfOrderEventAlert{name='OUT_OF_ORDER_EVENT', description='An event reached the system way too late!', datetime='2018-01-01T05:13:37.150', attachedEvent=CsbEvent{serviceNameReporter='UserService', eventTimestamp=2018-01-01T05:13:37.150, receivedTimestamp=2018-05-10T19:52:19.498, logLevel='INFO', eventName='LOAD_GROUPS_FOR_USER', eventResult='succeeded', eventDescription='User groups were loaded', userId=0, userUsername='Prof. Etta Kallert MBA.', userPasswordInvoked=false, userGroups=null, fileAccessPolicy='', filePathLocal=, filePathRemote=, fileChunks=null, fileChunksSignedUrl=[], deviceId=0, deviceName='', deviceType='', deviceOs='', deviceOsVersion='', deviceTokenRevoked=false, networkAddressReporter=/0.0.0.0:8080, networkAddressSource=/172.18.0.4:46240, networkAddressDestination=/172.18.0.6:8080, networkRequestLength=-1, networkRequestUseragent='', networkResponseLength=2, networkResponseStatusCode=200, networkResponseStatusMessage='OK', networkSessionValidity=true}}
OutOfOrderEventAlert{name='OUT_OF_ORDER_EVENT', description='An event reached the system way too late!', datetime='2018-01-01T06:04:29.550', attachedEvent=CsbEvent{serviceNameReporter='DeviceService', eventTimestamp=2018-01-01T06:04:29.550, receivedTimestamp=2018-05-10T19:52:36.884, logLevel='INFO', eventName='LOAD_DEVICE', eventResult='succeeded', eventDescription='Device information was loaded', userId=0, userUsername='Vadim Mosemann B.A.', userPasswordInvoked=false, userGroups=null, fileAccessPolicy='', filePathLocal=, filePathRemote=, fileChunks=null, fileChunksSignedUrl=[], deviceId=1, deviceName='100dbf1f0940', deviceType='Personal Computer', deviceOs='linuxamd64', deviceOsVersion='4.13.0-26-generic', deviceTokenRevoked=false, networkAddressReporter=/0.0.0.0:8080, networkAddressSource=/172.18.0.4:46240, networkAddressDestination=/172.18.0.6:8080, networkRequestLength=-1, networkRequestUseragent='', networkResponseLength=2597, networkResponseStatusCode=200, networkResponseStatusMessage='OK', networkSessionValidity=true}}
IllegalCspFileEventAlert{ name='Illegal CSP file event', eventname='REST.GET.OBJECT', description='Invalid URL, parameters are missing.', username='null', datetime='2018-01-01T09:49:45', objectkey='rYhWZk22OF4eCdkeLiy5EXtT5SicVoIpUtzvFEw7TXTanbP7B620hNwDLe9B', url='/rYhWZk22OF4eCdkeLiy5EXtT5SicVoIpUtzvFEw7TXTanbP7B620hNwDLe9B?X-Amz-Date=20180101T095013Z&X-Amz-SignedHeaders=host&X-Amz-Expires=29&X-Amz-Credential=AKIAJJVXZ45BX4HD4THQ%2F20180131%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&X-Amz-Algorithm=AWS4-HMAC-SHA256'}
IllegalCspFileEventAlert{ name='Illegal CSP file event', eventname='REST.PUT.OBJECT', description='A user permormed a cloud storage operation without a corresponding csb operation.', username='Dipl.-Ing. Florian Dowerg B.Sc.', datetime='2018-01-01T06:19:41', objectkey='497wfGnEGOCk7TonSp9wD9pWMxWZOpvEQFMavs6t55bM5OpjxyKsAjWrnnTS', url='/497wfGnEGOCk7TonSp9wD9pWMxWZOpvEQFMavs6t55bM5OpjxyKsAjWrnnTS?X-Amz-Date=20180101T062009Z&USERNAME=Dipl.-Ing.%20Florian%20Dowerg%20B.Sc.&X-Amz-Expires=29&X-Amz-SignedHeaders=host&X-Amz-Credential=AKIAJJVXZ45BX4HD4THQ%2F20180131%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&X-Amz-Algorithm=AWS4-HMAC-SHA256'}

我的Logstash配置有问题吗?

0 个答案:

没有答案