我的设备日志采用以下结构
2018-11-28T07:59:41.453+00:00 10.99.112.2 10.99.112.2 debug 1 2018-11-28T07:58:57.392Z - NMS - - [mysystem@7312 orId="NOI_SET3"] (:netviz-event-polling3-5:) [com.example.compose.device.api.facade.DeviceEventBridge] received event from NETVIZDONGLE/DEVICE: Event:1.4:1:Temperature critical [87 C] ({})
我想从日志中选择orID的值并将其用作文件名。我可以用scv解析器吗?可以帮忙吗?
我尝试过
template t_msgfmt {
template("${R_ISODATE} ${HOST} ${SOURCEIP} ${LEVEL} ${MSGHDR} ${MSG}\n");
template_escape(yes);
};
并按如下所示编写解析器-
parser or_ID {
csv-parser(columns("ABC1")
delimiters(string("orId="))
flags(escape-none)
template("${MSG}"));
};