尝试为我的日志创建 grok 模式,但不确定如何转义特殊字符
Trying to create grok pattern for my logs, but unsure how to escape special charaters
07:40:28,339 INFO [org.sprinframework.web.context.ContxtLoader] (ServerService Thread Pool -- 672) WebApplicationContext: initialization started
我是这样写的
grok {
match => { "message" => "%{TIME:timestamp}%{SPACE}%{WORD:loglevel}%{SPACE}%{DATA:classname}%{SPACE}%{DATA:url}{THREADPOOL:thread}%{SPACE}%{DATA:logs}" }
}
您需要的 grok 模式是:
%{TIME:timestamp}%{SPACE}%{LOGLEVEL:level}%{SPACE}\[(?<logger>[^\]]+)\]%{SPACE}\((?<thread>[^)]+)\)%{SPACE}%{GREEDYDATA:message}
07:40:28,339 INFO [org.sprinframework.web.context.ContxtLoader] (ServerService Thread Pool -- 672) WebApplicationContext: initialization started
我是这样写的
grok {
match => { "message" => "%{TIME:timestamp}%{SPACE}%{WORD:loglevel}%{SPACE}%{DATA:classname}%{SPACE}%{DATA:url}{THREADPOOL:thread}%{SPACE}%{DATA:logs}" }
}
您需要的 grok 模式是:
%{TIME:timestamp}%{SPACE}%{LOGLEVEL:level}%{SPACE}\[(?<logger>[^\]]+)\]%{SPACE}\((?<thread>[^)]+)\)%{SPACE}%{GREEDYDATA:message}