How to use regex for config files in this use case?

我只是一个虾纸丫 提交于 2019-12-12 04:25:54

问题


I am using LogStash which accepts data from a log file, which has different types of logs.

I tried this:

filter {
  grok {
    match => { "message" => "%{WORD:tag} %{WORD:message} %{WORD:value}
  }
}        

But it doesn't work.


回答1:


I am using the grok filter to check if the log line is of one format.

If the grok filter cannot parse the log line (such as with the json lines), _grokparsefailure will be added to the tags. You can then use this tag to differentiate between the two log type.

filter { 
    grok {
        match => {
        "message"=> 
            "tag: %{GREEDYDATA:tag} message: %{GREEDYDATA:message} value: %{WORD:value}"
        }
    }

    if "_grokparsefailure" in [tags] {
        json {
            source => message
        }
    }
}

To test your grok pattern, Grok Constructor is a good tool.



来源:https://stackoverflow.com/questions/39034834/how-to-use-regex-for-config-files-in-this-use-case

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!