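Parsing with a grok filter

Time: 2019-05-05 08:15:35

Tags: elasticsearch logstash logstash-grok

These are some shared log samples - I have to extract fields from the logs printed below. The field descriptions are as follows -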

2019-04-25 12:38:58|[2.1.250 - A16DOHI3 - 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 -  - retail_new - 8899888226 - ecaf-my - ecafbut-weblogic-1.0-replica-0-kmz0l - validateExpiryDatePoiPoa] | I | com.airtel.pe.ecaf.butterfly.postpaid.utils.CreateDataUtils| [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'| Expiry Date is empty.


2019-04-25 12:38:58|[2.1.250 - A16DOHI3 - 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 -  - retail_new - 8899888226 - ecaf-my - ecafbut-weblogic-1.0-replica-0-kmz0l - doGetConnection] | D | org.springframework.data.redis.core.RedisConnectionUtils| [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'| Opening RedisConnection

2019-04-25 12:38:58|[2.1.250 - A16DOHI3 - 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 -  - retail_new - 8899888226 - ecaf-my - ecafbut-weblogic-1.0-replica-0-kmz0l - doGetConnection] | D | org.springframework.data.redis.core.RedisConnectionUtils| [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'| Opening RedisConnection

2019-04-25 12:38:59|[2.1.250 - A16DOHI3 - 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 -  - retail_new - 8899888226 - ecaf-my - ecafbut-weblogic-1.0-replica-0-kmz0l - saveDetails] | I | com.airtel.pe.ecaf.butterfly.postpaid.adapter.SubmitOrderAdapter| [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'| Interaction Id 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 cafNumber D320001427 Inside Esim flow while saving data

2019-04-25 12:38:59|[2.1.250 - A16DOHI3 - 306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371 -  - retail_new - 8899888226 - ecaf-my - ecafbut-weblogic-1.0-replica-0-kmz0l - cafGenerate] | E | com.airtel.pe.ecaf.butterfly.postpaid.service.impl.CreateOrderServiceImpl| [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'| Exception while generating caf
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.ArrayList.rangeCheck(ArrayList.java:653)
        at java.util.ArrayList.get(ArrayList.java:429)



Please help in writing a grok filter-
The fields are non-mandatory.
Eg- 2019-04-25 12:38:59- timestamp
    2.1.250- buildVersion
    A16DOHI3- agentId
    306ed8cf-ea45-4853-8fe1-7810d71ab1741556174567371- interactionId 
    (then a parameter is missing) separated by space
    retail_new- flow_type
    8899888226- msisdn
    ecaf-my -projectName
    ecafbut-weblogic-1.0-replica-0-kmz0l - hostName
    cafGenerate -methodName
    E -loggingLevel
    com.airtel.pe.ecaf.butterfly.postpaid.service.impl.CreateOrderServiceImpl- className
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'- threadId
message - Exception while generating caf
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.ArrayList.rangeCheck(ArrayList.java:653)
        at java.util.ArrayList.get(ArrayList.java:429)

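Please help write a grok in which some parameters may be non-mandatory, e.g. agentId may be present, flow_type may be present, methodName may be present. If any parameter is missing, it should not show grokParseFailure.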

2019-05-04 18:38:10|[2.1.269 - a1flem8y - 765eeac3-57dd-4bd6-b437-8700e894ef3d1556974776702 -  - retail_new - 8491841125 - ecaf-my - N2VL-PA-WEB15 - profile] | I
 | com.airtel.common.aop.LogExecutionTime| [ACTIVE] ExecuteThread: '14' for queue: 'weblogic.kernel.Default (self-tuning)'| postResponseFromESB took 178 ms


Eg- 2019-05-04 18:38:10- timestamp
    2.1.269- buildVersion
    a1flem8y- agentId
    765eeac3-57dd-4bd6-b437-8700e894ef3d1556974776702- interactionId
   (then a parameter is missing) separated by space
    retail_new - flowType
    8491841125- msisdn
    ecaf-my - projectName
    N2VL-PA-WEB15- hostName
    profile- methodName
    I- loggingLevel
     com.airtel.common.aop.LogExecutionTime- className
    [ACTIVE] ExecuteThread: '14' for queue: 'weblogic.kernel.Default (self-tuning)'- threadId
  postResponseFromESB took 178 ms- message
But now if any message has took in between- it should be broken down into 
apiMethodName- postResponseFromESB 
time- 178

0 answers:

No answers
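
One way to parse the log format described in the question, as an added example that is not part of the original post: a Logstash pipeline that joins stack-trace lines, tolerates empty bracket fields, and splits "took" messages. The file path and the field names `unnamedField` and `logMessage` are assumptions chosen here; the other field names follow the question.

```logstash
input {
  file {
    path => "/var/log/app/ecaf.log"   # hypothetical path
    # Lines that do not start with "timestamp|" (stack traces, wrapped
    # records) are appended to the previous event.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}\|"
      negate => true
      what => "previous"
    }
  }
}

filter {
  grok {
    # Bracketed values are separated by " - ". \S* accepts an empty value
    # ("x -  - y"), so a blank slot causes no _grokparsefailure, and empty
    # captures are dropped (keep_empty_captures defaults to false).
    # unnamedField is a name chosen here for the slot the post leaves unnamed.
    # (?m) lets GREEDYDATA span the joined stack-trace lines.
    match => {
      "message" => "(?m)^%{TIMESTAMP_ISO8601:timestamp}\|\[(?<buildVersion>\S*) - (?<agentId>\S*) - (?<interactionId>\S*) - (?<unnamedField>\S*) - (?<flowType>\S*) - (?<msisdn>\S*) - (?<projectName>\S*) - (?<hostName>\S*) - (?<methodName>\S*)\]\s*\|\s*(?<loggingLevel>[A-Z]*)\s*\|\s*(?<className>[^|\s]*)\s*\|\s*(?<threadId>[^|]*?)\s*\|\s*%{GREEDYDATA:logMessage}"
    }
  }

  # "<apiMethodName> took <n> ms" messages get two extra fields; other
  # messages simply do not match, and no failure tag is added for them.
  grok {
    match => { "logMessage" => "^(?<apiMethodName>\S+) took %{INT:time:int} ms" }
    tag_on_failure => []
  }

  # Use the parsed timestamp as the event time.
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
  }
}
```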