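Filter text based on two conditions to get the if condition for a Logstash configuration

Time: 2019-06-10 17:30:01

Tags: elasticsearch logstash logstash-grok logstash-configuration

I have a log file. The log file contains many db-exceptions. I am interested in fetching all the exceptions using Logstash and indexing them in ElasticSearch.

Exception: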

#include <iostream>
using namespace std;

inline int add(int x, int y) {
    return x+y;
}

int main() {
    // some code
    int sum = add(2, 5);
    cout << sum <<endl;

    return 0;
}

Logstash filter:

05-06-19 05:34:42.794     6a5ba226-da6a-469a-8304-2f79f68fdbcd        http-bio-8080-exec-8     ERROR     c.w.m.n.o.i.o.r.XYZRepo         executeMerge      157     Failed while processing deliveryList:[deliveryTO{deliveryNumber=92183914, itemNumber=565683539, asnNumber='0664420512', channelMethod='SSTKU,CROSSU', baseDivisionName='wm', countryCode='US' itemUomCode='null', poInd='r', obsoleteInd=null, processStatus='null', itemQuantity=null, overageItemQuantity=null, availableQuantity=322, whpkQuantity=null, vnpkQuantity=null, unfulfilledQty=null ,newItemQty=null} ] with exception:{} com.a.b.c.exceptions.MyDBException: ExceptionCode-BE-00028 

Logstash output:

filter {
  grok{
      match => { "message" => "%{TIMESTAMP_ISO8601:Date}%{DATA:corelationid}%{LOGLEVEL:loglevel}%{DATA:javaclass}%{NUMBER:number}%{GREEDYDATA:content}" }
      overwrite => ["message"]
 }

  if  ("ERROR" not in [loglevel] and "ExceptionCode-BE-00028" not in [content])  {
       drop { }
  }   
}

0 answers:

No answers
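
Added example (not part of the original question and not Logstash code): a Python stand-in for the conditional in the posted filter, showing which events each form of the `if` drops. The regex only approximates the grok pattern, the sample lines and function names are constructed, and the reading that only ERROR events carrying ExceptionCode-BE-00028 should be kept is an assumption about the intent.

```python
import re

CODE = "ExceptionCode-BE-00028"

# Approximation of the question's grok pattern (not Logstash's own
# TIMESTAMP_ISO8601 / LOGLEVEL / NUMBER definitions).
LINE_RE = re.compile(
    r"(?P<Date>\d{2,4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<corelationid>.*?)"
    r"(?P<loglevel>ERROR|WARN|INFO|DEBUG)"
    r"(?P<javaclass>.*?)"
    r"(?P<number>\b\d+\b)"
    r"(?P<content>.*)"
)

# Constructed sample lines in the shape of the log line from the question.
SAMPLE_LINES = [
    "05-06-19 05:34:42.794  id-a  http-bio-8080-exec-8  ERROR  c.w.XYZRepo  executeMerge  157  "
    "Failed with exception: com.a.b.c.exceptions.MyDBException: ExceptionCode-BE-00028",
    "05-06-19 05:34:43.101  id-b  http-bio-8080-exec-3  ERROR  c.w.XYZRepo  executeMerge  157  "
    "Failed with exception: com.a.b.c.exceptions.MyDBException: ExceptionCode-BE-00031",
    "05-06-19 05:34:44.250  id-c  http-bio-8080-exec-2  INFO  c.w.RetryJob  run  88  "
    "Retrying after ExceptionCode-BE-00028",
    "05-06-19 05:34:45.007  id-d  http-bio-8080-exec-5  INFO  c.w.Health  ping  12  ok",
]

def parse(line):
    """Split one line into the fields the grok pattern names."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("line does not match the pattern")
    return m.groupdict()

def drop_as_posted(ev):
    # Same logic as the posted conditional: drop only when BOTH are absent.
    return "ERROR" not in ev["loglevel"] and CODE not in ev["content"]

def drop_unless_both(ev):
    # De Morgan: keeping (ERROR and CODE) means dropping (not ERROR or not CODE).
    return "ERROR" not in ev["loglevel"] or CODE not in ev["content"]

def kept(lines, drop_rule):
    """Indices of the lines that survive the given drop rule."""
    return [i for i, line in enumerate(lines) if not drop_rule(parse(line))]

if __name__ == "__main__":
    print("as posted (and):", kept(SAMPLE_LINES, drop_as_posted))
    print("keep only both (or):", kept(SAMPLE_LINES, drop_unless_both))
```

In the Logstash config itself, the second rule corresponds to replacing `and` with `or` in the posted conditional.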