我正在尝试从filebeat中读取文件并将其推入logstash。在推送它们之前,我试图合并包含Java堆栈跟踪的事件。我尝试了此过滤器,但无法正常工作。
filebeat.prospectors:
- type: log
paths:
- /mnt/logs/myapp/*.log
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
这是我要推送到logstash的日志示例。我想将堆栈跟踪事件合并到带有时间戳记的事件中
2019-02-18 17:08:44 augmentos http-nio-8090-exec-4 INFO c.a.s.c.a.a.CommonCorpAuthAspect@validateAuth:68 - Header Name: connection And Header Value : keep-alive
2019-02-18 17:08:44 augmentos http-nio-8090-exec-4 INFO c.a.s.c.a.a.CommonCorpAuthAspect@validateAuth:118 - Permission status is true
2019-02-18 17:08:44 augmentos http-nio-8090-exec-4 INFO c.a.s.c.a.c.AssetADVActionResource@emailAssets:92 - User testqa is sending Asset on Email.
2019-02-18 17:08:47 augmentos http-nio-8090-exec-4 INFO c.a.spectra.aws.utils.S3ServiceUtil@generateSignedUrl:48 - Generating pre-signed URL with timeout 604800000
2019-02-18 17:08:56 augmentos http-nio-8090-exec-4 ERROR c.a.s.c.a.a.CommonCorpAuthAspect@validateAuth:131 - Authorization Aspect error
java.lang.NullPointerException: null
at com.ad2pro.spectra.core.acs.service.EmailHandlerService.getAssetFiles(EmailHandlerService.java:140)
at com.ad2pro.spectra.core.acs.service.EmailHandlerService.emailAsset(EmailHandlerService.java:63)
at com.ad2pro.spectra.core.acs.controllers.Test.emailAssets(AssetADVActionResource.java:104)
at com.ad2pro.spectra.core.acs.controllers.Test$$FastClassBySpringCGLIB$$bfc0b3c1.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
2019-02-18 17:08:44 augmentos http-nio-8090-exec-4 INFO c.a.s.c.a.a.CommonCorpAuthAspect@validateAuth:68 - Header Name: connection And Header Value : keep-alive
2019-02-18 17:08:44 augmentos http-nio-8090-exec-4 INFO c.a.s.c.a.a.CommonCorpAuthAspect@validateAuth:118 - Permission status is true
在合并事件之后,我认为如果我是对的,则message属性应该将两个事件消息串联起来,请对此提供帮助。
答案 0 :(得分:1)
这可能只是复制粘贴错误,但是YAML文件的缩进看起来不正确。同时检查您的Filebeat日志中是否有错误。应该是:
- type: log
paths:
- /mnt/logs/*.log
multiline:
pattern: '^\['
negate: true
match: after