Creating a grok pattern for HTTP status codes

Time: 2018-11-30 05:42:58

Tags: filter logstash logstash-grok filebeat

I have this log and only need a grok pattern for the status code, for example status:200 status:404

2018-11-29 11:49:32.647 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 GET /latest/meta-data/block-device-mapping/ami HTTP/1.1 status: 404 len: 119 time: 0.0108240
2018-11-29 11:49:33.519 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 GET /latest/meta-data/block-device-mapping/ami HTTP/1.1 status: 404 len: 119 time: 0.0108240
2018-11-29 11:49:33.898 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 GET /latest/meta-data/block-device-mapping/ami HTTP/1.1 status: 404 len: 119 time: 0.0108240
2018-11-29 11:49:34.314 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 GET /latest/meta-data/block-device-mapping/ami HTTP/1.1 status: 404 len: 119 time: 0.0108240
2018-11-29 11:49:34.685 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 GET /latest/meta-data/block-device-mapping/ami HTTP/1.1 status: 404 len: 119 time: 0.0108240
2018-11-29 11:49:35.033 1
2018-11-22 03:49:13.843 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/block-device-mapping/root HTTP/1.1" status: 200 len: 124 time: 0.0037112
2018-11-22 03:49:13.853 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/hostname HTTP/1.1" status: 200 len: 150 time: 0.0041871
2018-11-22 03:49:14.232 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/instance-action HTTP/1.1" status: 200 len: 120 time: 0.0085640
2018-11-22 03:49:14.247 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/instance-id HTTP/1.1" status: 200 len: 127 time: 0.0075030
2018-11-22 03:49:14.263 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/instance-type HTTP/1.1" status: 200 len: 124 time: 0.0110199
2018-11-22 03:49:14.281 116782 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/local-hostname HTTP/1.1" status: 200 len: 150 time: 0.0129972
2018-11-22 03:49:14.509 116768 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005820
2018-11-22 03:49:14.622 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/local-ipv4 HTTP/1.1" status: 200 len: 131 time: 0.0097260
2018-11-22 03:49:16.510 116771 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0006311
2018-11-22 03:49:17.443 116784 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/placement/ HTTP/1.1" status: 200 len: 134 time: 0.0113320
2018-11-22 03:49:17.456 116784 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/placement/availability-zone HTTP/1.1" status: 200 len: 118 time: 0.0067370
2018-11-22 03:49:17.847 116786 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/public-hostname HTTP/1.1" status: 200 len: 150 time: 0.0146971
2018-11-22 03:49:17.863 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/public-ipv4 HTTP/1.1" status: 200 len: 116 time: 0.0097051
2018-11-22 03:49:18.232 116787 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/reservation-id HTTP/1.1" status: 200 len: 127 time: 0.0107770
2018-11-22 03:49:18.256 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/meta-data/security-groups HTTP/1.1" status: 200 len: 123 time: 0.0188129
2018-11-22 03:49:18.268 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/user-data/ HTTP/1.1" status: 200 len: 171 time: 0.0065401
2018-11-22 03:49:18.284 116783 INFO nova.metadata.wsgi.server [-] 10.118.220.2,10.118.220.228 "GET /latest/user-data/ HTTP/1.1" status: 200 len: 171 time: 0.0109680
2018-11-22 03:49:18.511 116771 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005870
2018-11-22 03:49:20.515 116766 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005751
2018-11-22 03:49:22.517 116770 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005829
2018-11-22 03:49:24.519 116771 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005841
2018-11-22 03:49:26.522 116771 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0006351
2018-11-22 03:49:28.525 116771 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0005720
2018-11-22 03:49:30.528 116773 INFO nova.osapi_compute.wsgi.server [-] 10.118.220.228 "OPTIONS / HTTP/1.0" status: 200 len: 505 time: 0.0006001

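How can I make a grok pattern match all of the logs by status code? I have different status codes, so I really just want something like "status: $variable", so that the variable after status can change.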

0 answers:

No answers
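
An added example, not part of the original question: a Logstash filter that captures whatever number follows `status:` in the log lines above into a field, first with a full-line pattern and then with a minimal fallback. The field names (`http_status`, `client_ips`, `request_ctx` and the rest) and the tag names are assumptions chosen for illustration; the grok patterns used (`TIMESTAMP_ISO8601`, `POSINT`, `LOGLEVEL`, `NOTSPACE`, `DATA`, `WORD`, `NUMBER`, `INT`) are from the stock pattern set.

```logstash
filter {
  grok {
    # Patterns are tried in order; the first one that matches wins
    # (break_on_match defaults to true).
    match => {
      "message" => [
        # Full nova wsgi access line. The request is quoted in some of the
        # sample lines and bare in others, hence the optional double quotes.
        '^%{TIMESTAMP_ISO8601:log_time} %{POSINT:pid} %{LOGLEVEL:level} %{NOTSPACE:logger} \[%{DATA:request_ctx}\] %{NOTSPACE:client_ips} "?%{WORD:http_method} %{NOTSPACE:url_path} HTTP/%{NUMBER:http_version}"? status: %{INT:http_status:int} len: %{INT:response_len:int} time: %{NUMBER:response_time:float}$',
        # Fallback: grok expressions are unanchored, so this extracts the
        # code from any line that contains "status: NNN", whatever the layout.
        'status:\s*%{INT:http_status:int}'
      ]
    }
    # Distinct failure tag (assumed name) so truncated or unexpected lines
    # can be found and reviewed instead of silently passing through.
    tag_on_failure => ["_grokparsefailure_nova_wsgi"]
  }

  # The :int cast above makes numeric comparison possible downstream,
  # for example to tag client and server errors (assumed tag name).
  if [http_status] and [http_status] >= 400 {
    mutate { add_tag => ["http_error"] }
  }
}
```

The `%{INT:http_status:int}` capture plays the role of the "variable" after `status:`; a truncated line with no status field ends up tagged `_grokparsefailure_nova_wsgi` rather than producing a partial event.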