Logstash grok pattern to catch the first line with the string Exception
Here is a sample log:
2022-01-07 11:05:01,185 [http-nio-8080-exec-526] WARN de.web.Main| = - Error while execute Request
javax.servlet.ServletException: com.cg.blart.web.HttpInvocationException: Invalid tenant session
at com.cg.blume.web.DispatchingServlet.doGet(DispatchingServlet.java:169)
at de.jinx.lee.web.AutoDBUpgradeDispatchingServlet.lambda$doGet$0(AutoDBUpgradeDispatchingServlet.java:200)
at de.jinx.lee.web.AutoDBUpgradeDispatchingServlet.addMDCKey(AutoDBUpgradeDispatchingServlet.java:297)
Caused by: com.cg.blume.web.HttpInvocationException: Invalid tenant session
at com.cg.blume.web.procedure.HttpSessionManager.get(HttpSessionManager.java:190)
at de.jinx.lee.web.session.leeHttpSessionManager.get(leeHttpSessionManager.java:76)
... 41 more
This is the current pattern:
^.*?Exception: +%{DATA:exception}$
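The output I get is close, but no cigar: "com.cg.blart.web.HttpInvocationException: Invalid tenant session". For the life of me, I can't get it to match the whole line. Can you point me in the right direction? The desired output is: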
javax.servlet.ServletException: com.cg.blart.web.HttpInvocationException: Invalid tenant session
Here is a link to a test tool: https://grokdebug.herokuapp.com/
The solution is this pattern:
(?<DATA:mps_exception>.*?(Exception:).*)
It is explained here: https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html#_custom_patterns
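Added example (not part of the original question or answer): a Python reproduction of both patterns over a shortened, constructed copy of the sample event, showing why the first pattern captures only the text after the first "Exception: " and why wrapping the whole expression in one named group returns the full line. It assumes grok's DATA expands to `.*?` and that `^`/`$` act as line anchors in grok's regex engine, mirrored here with `re.MULTILINE`; the helper names are hypothetical.

```python
import re

# Constructed sample: the multiline event from the question, stack trace shortened.
EVENT = (
    "2022-01-07 11:05:01,185 [http-nio-8080-exec-526] WARN de.web.Main| = - Error while execute Request\n"
    "javax.servlet.ServletException: com.cg.blart.web.HttpInvocationException: Invalid tenant session\n"
    "\tat com.cg.blume.web.DispatchingServlet.doGet(DispatchingServlet.java:169)\n"
    "Caused by: com.cg.blume.web.HttpInvocationException: Invalid tenant session\n"
    "\tat com.cg.blume.web.procedure.HttpSessionManager.get(HttpSessionManager.java:190)\n"
    "\t... 41 more"
)

# Pattern from the question. %{DATA:exception} is written out as a lazy named
# group (assumption: DATA is ".*?"). The lazy prefix and the literal
# "Exception: " sit outside the group, so they are matched but not captured.
QUESTION = re.compile(r"^.*?Exception: +(?P<exception>.*?)$", re.MULTILINE)

# Same idea as the pattern in the answer: the named group wraps the prefix,
# the literal "Exception:" and the rest of the line. Python group names cannot
# contain ":", so the group is called plain "mps_exception" here.
ANSWER = re.compile(r"(?P<mps_exception>.*?Exception:.*)")


def first_capture(pattern, group, event):
    """Return the named group from the first (leftmost) match, or None."""
    m = pattern.search(event)
    return m.group(group) if m else None


def all_captures(pattern, group, event):
    """Return the named group from every match, to show what else could match."""
    return [m.group(group) for m in pattern.finditer(event)]


if __name__ == "__main__":
    print("question:", first_capture(QUESTION, "exception", EVENT))
    print("answer:  ", first_capture(ANSWER, "mps_exception", EVENT))
    # The "Caused by:" line also contains "Exception:"; only taking the
    # leftmost match keeps the result on the first exception line.
    print("all:     ", all_captures(ANSWER, "mps_exception", EVENT))
```

Because "." does not cross newlines, neither pattern can start on the timestamp line, which contains no "Exception:"; the leftmost match is therefore the first exception line.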