grok pattern to capture response body in nginx access logs
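We are trying to capture the log snippet below using resp_body:\"%{DATA:resp_body}\", but it only captures '{'.
We want it to capture up to the last double quote. Can you please help us achieve this?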
resp_body:"{"responseCode":0,"responseMessage":"Success","totalOrders":10,"totalPages":1,"currentPage":1,"order":[{"order_no":"NYK-56395463-0544196","eretailOrderNo":"NAH43103202","masterOrderNo":"NAH43103202","status":"Shipped complete","remarks":"","grandtotal":"2822.600","createAtStoreDate":"10/11/2020 23:19:04","shippingpkgcount":"2","itemcount":"10.000","shippingaddress":"chapra ..sahebganj..sonarpatti Landmark: near libas mart","mobileno":"8789932063","is_giftwrap":"no","giftwrap_msg":"","giftwrap_charges":"0.000","cancel_date":"","udf1":null,"udf2":null,"udf3":null,"udf4":"COD","udf5":"10","udf6":null,"udf7":null,"udf8":null,"udf9":null,"udf10":null,"pickupLocation":"","extFulFillmentLocCode":"","shipdetail":[{"qty":"1","transporter":"Delhivery Surface","transporterstatusremark":"Handover to co-located facility","transporterstatus":"INTRANSIT","shipdate":"13/11/2020 08:42:05","updated_date":"18/11/2020 07:50:13","delivereddate":"","refereceNo":"NBL320254620","wh_Loccode":"NBL","wh_Locname""
You should use GREEDYDATA instead of DATA to match the complete string up to the last quote. Use the following:
resp_body:\"%{GREEDYDATA:resp_body}\"
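Added example (not part of the original question or answer): a minimal Python stand-in for grok that expands only DATA (.*?) and GREEDYDATA (.*), run against constructed log lines to show why DATA stops at '{', where GREEDYDATA ends, and what happens when another quoted field follows resp_body. The sample lines, the trailing agent field and the BOUNDED pattern are assumptions made for illustration.

```python
import json
import re

# The two stock grok patterns involved: DATA is lazy, GREEDYDATA is greedy.
GROK = {"DATA": r".*?", "GREEDYDATA": r".*"}

def grok_to_regex(pattern):
    """Expand %{NAME:field} references into Python named groups."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def capture(pattern, line, field="resp_body"):
    """Return the captured field, or None if the pattern does not match."""
    m = grok_to_regex(pattern).search(line)  # grok matching is unanchored too
    return m.group(field) if m else None

def is_json(text):
    """Sanity check a captured body before indexing or alerting on it."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False

# Constructed sample data (not taken from the original post).
BODY = '{"responseCode":0,"responseMessage":"Success"}'
LINE_LAST = 'status:200 resp_body:"' + BODY + '"'          # resp_body is last
LINE_MID = 'resp_body:"' + BODY + '" agent:"curl/7.68.0"'   # a field follows

# Patterns as grok sees them (the \" in the post is config-string escaping).
LAZY = 'resp_body:"%{DATA:resp_body}"'
GREEDY = 'resp_body:"%{GREEDYDATA:resp_body}"'
# Hypothetical variant: lazy capture bounded by the next field's literal prefix.
BOUNDED = 'resp_body:"%{DATA:resp_body}" agent:"'

if __name__ == "__main__":
    for name, pat, line in [("DATA, body last", LAZY, LINE_LAST),
                            ("GREEDYDATA, body last", GREEDY, LINE_LAST),
                            ("GREEDYDATA, field follows", GREEDY, LINE_MID),
                            ("DATA bounded by next field", BOUNDED, LINE_MID)]:
        got = capture(pat, line)
        print("%-28s json=%-5s %s" % (name, is_json(got), got))
```

GREEDYDATA ends at the last double quote on the line, so it is only correct while resp_body is the final quoted field of the log format; if another quoted field is added later, the capture silently swallows it and stops being valid JSON.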