正则表达式匹配模式

正则链接

  • 编辑一个新的配置文件 [root@master_agent logfile]# vim grok.conf
# Minimal pipeline for trying out a grok pattern interactively:
# stdin -> grok filter -> stdout.
input {
  # Every line typed on standard input becomes one event.
  stdin { }
}

filter {
  grok {
    # Break the "message" field into the named fields client, method,
    # request, bytes and duration using predefined grok patterns.
    # An event in which the pattern is not found keeps its original
    # message and is tagged "_grokparsefailure"; in a real log pipeline,
    # check for that tag so unparsed events are noticed instead of being
    # stored without their fields.
    match => {
      "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"
    }
  }
}

output {
  # Pretty-print each event (fields and tags) for inspection.
  stdout {
    codec => "rubydebug"
  }
}

参考文档

match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }
[root@master_agent logfile]# /opt/logstash/bin/logstash -f grok.conf 
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
Settings: Default pipeline workers: 1
Pipeline main started
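手动输入测试(注意:下面输入的是配置行本身,而不是符合该模式的日志行,所以 grok 匹配失败,事件被打上 _grokparsefailure 标签;若输入形如 `55.3.244.1 GET /index.html 15824 0.043` 的行(构造的示例),才会解析出 client、method、request、bytes、duration 字段)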
 match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }
  {
       "message" => " match => { \"message\" => \"%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}\" }",
      "@version" => "1",
    "@timestamp" => "2017-06-27T17:45:52.765Z",
          "host" => "master_agent",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}
  • grok 表达式中引用的预定义模式(如 IP、WORD、NUMBER)存放在下面的目录中,作用相当于内置函数
  • [root@master_agent logfile]# cd /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/
  • 内置的模式文件(位于 patterns 目录下)
[root@master_agent patterns]# ls
aws     bro   firewalls      haproxy  junos         mcollective           mongodb  postgresql  redis
bacula  exim  grok-patterns  java     linux-syslog  mcollective-patterns  nagios   rails       ruby
[root@master_agent patterns]#