Using dissect and grok together as a hybrid use case when a section of the line is reliably repeated
I have the following text file/log file:
2021-06-26 16:56:50,415 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 82) WFLYUT0022: Unregistered web context: '/PowerCardv35' from server 'default-server'
2021-06-26 16:56:54,046 INFO [io.undertow.servlet] (ServerService Thread Pool -- 83) Destroying Spring FrameworkServlet 'spring'
2021-06-26 16:56:54,090 INFO [io.undertow.servlet] (ServerService Thread Pool -- 83) Closing Spring root WebApplicationContext
2021-06-26 16:56:54,356 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0028: Stopped deployment v3_31-web.war (runtime-name: v3_31-web.war) in 314ms
2021-06-26 16:57:54,103 INFO [io.undertow.servlet] (ServerService Thread Pool -- 93) Initializing Spring root WebApplicationContext
2021-06-26 16:59:32,862 INFO [stdout] (ServerService Thread Pool -- 93) 2021-06-26 16:59:32,858 INFO [ServerService Thread Pool -- 93] serviceimpl.Pwc_time_zoneServiceImpl (Pwc_time_zoneServiceImpl.java:54) - PowerCardV3 : Operation:get_time_zone , USER : , SessionID :null , RemoteAddress:null
2021-06-26 16:59:32,887 INFO [stdout] (ServerService Thread Pool -- 93) jdbc/PWCCFGDS
2021-06-26 16:59:33,023 INFO [stdout] (ServerService Thread Pool -- 93) Database's time zone: +00:00
2021-06-26 16:59:33,025 INFO [io.undertow.servlet] (ServerService Thread Pool -- 93) Initializing Spring DispatcherServlet 'spring'
2021-06-26 17:00:23,620 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 93) WFLYUT0021: Registered web context: '/v3_31-web' for server 'default-server'
2021-06-26 17:06:56,923 INFO [stdout] (default task-1) 2021-06-26 17:06:56,922 INFO [default task-1] serviceimpl.AuthentificationServiceImpl (AuthentificationServiceImpl.java:111) - PowerCardV3 : Operation authentificationService , USER :ISS001
2021-06-26 17:07:05,313 INFO [stdout] (default task-1) 2021-06-26 17:07:05,311 INFO [default task-1] serviceimpl.AuthentificationServiceImpl (AuthentificationServiceImpl.java:183) - PowerCardV3 : Authentication failed , USER :ISS001 , SessionID :hWayqQ7vMhUV4rOBvLCelwC8v0DIMLHb0X0u9vjX , RemoteAddress:172.18.0.1
2021-06-26 17:07:05,689 INFO [stdout] (default task-1) 2021-06-26 17:07:05,683 ERROR [default task-1] errorhandling.BasicErrorHandlingAdvice (BasicErrorHandlingAdvice.java:94) - [org.fornax.cartridges.sculptor.framework.errorhandling.UnexpectedRuntimeException] : Bad credentials
2021-06-26 17:07:05,690 INFO [stdout] (default task-1) org.springframework.security.authentication.BadCredentialsException: Bad credentials
2021-06-26 17:07:05,690 INFO [stdout] (default task-1) at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:93)
2021-06-26 17:07:05,696 INFO [stdout] (default task-1) at com.sun.proxy.$Proxy293.authentificationService(Unknown Source)
I would like to display my index as a simple table. But in this use case, a section of the line is reliably repeated, but the entire line is not.
To deconstruct the section of the line that is repeated, I used the Dissect filter like this:
input {
  file {
    path => "/home/ahmed/Bureau/archive/dissect.txt"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  dissect {
    mapping => {
      "message" => "%{date} %{time} %{loglevel} [%{package}]"
    }
  }
}
output {
  elasticsearch {
    hosts => "http://localhost:9200"
  }
  stdout {}
}
But I don't know how I can use the Grok filter to process the remaining line values.
Any help, please? Or any suggestions for my filter section?
If someone could write my filter section completely, I would be very grateful, because I'm just a beginner in ELK.
Thanks in advance.
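
One way to chain the two filters for the log lines shown in the question, as an added example that is not part of the original post: dissect captures the prefix every line shares and hands the variable tail to grok in a field. The field names `thread`, `rest`, `app_*`, `user`, `session_id` and `remote_address` are assumptions chosen for illustration, and the patterns are written against the sample lines above only.

```logstash
filter {
  # Step 1: dissect splits the prefix that every line shares and keeps the
  # variable tail in one field. "thread" and "rest" are assumed field names.
  dissect {
    mapping => {
      "message" => "%{date} %{time} %{loglevel} [%{package}] (%{thread}) %{rest}"
    }
  }

  # Step 2: only lines relayed through stdout embed a second application
  # log record; grok parses that record out of the tail.
  if [package] == "stdout" {
    grok {
      match => {
        "rest" => "^%{TIMESTAMP_ISO8601:app_timestamp} %{LOGLEVEL:app_loglevel} \[%{DATA:app_thread}\] %{NOTSPACE:app_class} \(%{DATA:app_source_file}:%{INT:app_source_line}\) - %{GREEDYDATA:app_message}$"
      }
      # Stack-trace and free-text lines do not match; leave them untagged.
      tag_on_failure => []
    }
  }

  # Step 3: pull the audit fields out of the application message when present.
  # SessionID and RemoteAddress are optional, as in the
  # "Operation authentificationService" line.
  if [app_message] {
    grok {
      match => {
        "app_message" => "USER :%{DATA:user}(?: , SessionID :%{NOTSPACE:session_id} , RemoteAddress:%{NOTSPACE:remote_address})?$"
      }
      tag_on_failure => []
    }
  }
}
```

Lines with no embedded record keep their text in `rest`, so the table still has one column for them. The `session_id` field holds the session identifier exactly as logged, so restrict read access to the index or hash the field before indexing.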