线程名称的Grok模式(Logstash 8.2.0)
我是Logstash的新手。因此,我正在学习grok模式以及如何从日志线中提取数据。因此,我正在使用logback打印日志线。 logBack.xml中的布局类似:
%date{dd/MM/YYYY HH:mm:ss.SSS ZZ} [%-5level] [%thread] %logger{40} - %msg%n%xThrowable
因此,它通常会在文件中打印日志输出:
07/06/2022 14:37:41.471 +0530 [WARN ] [main] com.cmt.trial.logging.LoggingTrial - Trying to log an warn
现在到目前为止,
%{DATE_EU:date} %{TIME:time} %{ISO8601_TIMEZONE:zone} \[%{LOGLEVEL:loglevel}.*]
我必须删除日期,时间,时区和日志级别。但是我无法想到一种提取[main]的方法,这是线程名称。任何关于此的指示都会有所帮助。
提前致谢。
I am new to LogStash. So I am learning GROK patterns and how to extract data from log lines. So I am using Logback to print log lines. The layout in the logback.xml is something like:
%date{dd/MM/YYYY HH:mm:ss.SSS ZZ} [%-5level] [%thread] %logger{40} - %msg%n%xThrowable
So it normally prints a log output in a file like:
07/06/2022 14:37:41.471 +0530 [WARN ] [main] com.cmt.trial.logging.LoggingTrial - Trying to log an warn
Now so far, I have got to:
%{DATE_EU:date} %{TIME:time} %{ISO8601_TIMEZONE:zone} \[%{LOGLEVEL:loglevel}.*]
Which does pull out the date, time, time zone and the log level. But I am not able to think of a way to extract [main] which is the thread name. Any pointers on this would be helpful.
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
可以使用
data(REGEX。 在这里) ,知道线程名称在括号内,所以It is possible to use
DATA(regex.*?) instead ofGREEDYDATA(regex.*) (code here), knowing that the thread name is inside brackets, so something like