logstash grok

input {
    # Read every file matching the glob and tag each event with a type;
    # the output section builds the index name from that type.
    file {
        type => "study-center-service"
        path => "/opt/service/test-service/logs/catalina-error*.log"
        # Poll the watched files for changes once per second.
        stat_interval => 1
        # Applies only to files Logstash has no recorded read position for;
        # files already tracked in the sincedb resume where they left off.
        start_position => "beginning"
    }
}


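filter {
    # Join continuation lines (stack traces, wrapped messages) onto the event
    # that starts with a timestamp of the form "YYYY-M-D H:M:S<sep>mmm".
    # The regex needs its backslashes: without them "d{4}" matches four literal
    # "d" characters, no line ever matches, and with negate => true every line
    # of the file is glued onto the previous event.
    # The "." before the milliseconds is left unescaped as on the page, so it
    # accepts either "." or "," as the separator.
    # NOTE(review): the multiline filter is not shipped with newer Logstash
    # releases; the multiline codec on the file input takes the same
    # pattern / negate / what settings. Confirm against the version in use.
    multiline {
        pattern => "^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}.\d{3}"
        negate => true
        what => "previous"
    }

    # Split the log line into named fields.
    # A bare "|" is regex alternation inside a grok expression, which would let
    # any single fragment of the pattern count as a match and hide real parse
    # failures from the "_grokparsefailure" check in the output section. The
    # column separators are therefore escaped as "\|".
    # The per-field match entries (time, level, javaclass, ...) were dropped:
    # those fields exist only after the message pattern has matched, and with
    # break_on_match => true grok stops at that first match, so they never ran.
    # NOTE(review): NOTSPACE stops at the first whitespace, so "messages" holds
    # only the first token of the trailing text - confirm against the log format.
    # NOTE(review): "header" and "request" are indexed as logged; if the service
    # writes authorization headers or request bodies there, mask them before
    # they reach Elasticsearch.
    grok {
        match => { "message" => '%{DATA:time} %{LOGLEVEL:level} %{NOTSPACE:javaclass} %{INT:line} \| %{NOTSPACE:serviceName} \| %{NOTSPACE:serviceNode} \| %{NOTSPACE:uri} \| %{NOTSPACE:header} \| %{NOTSPACE:request} \| %{NOTSPACE:messages}' }
        break_on_match => true
    }
}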

output {
    # Events that grok could not parse carry the "_grokparsefailure" tag and are
    # not shipped anywhere by this pipeline, so unparsed error lines never reach
    # the index. Route them to a separate output if they need to stay searchable.
    if "_grokparsefailure" not in [tags] {
        elasticsearch {
            # No user/password or TLS options are set, so events travel to this
            # node over plain HTTP without credentials. That fits only a cluster
            # with security disabled on an isolated network; otherwise configure
            # the plugin's authentication and SSL settings.
            hosts => ["192.168.2.187:9200"]
            # One index per event type and day, named "<type>-YYYY.MM.dd".
            index => "%{[type]}-%{+YYYY.MM.dd}"
        }
    }
}

  

原文地址:https://www.cnblogs.com/ipyanthony/p/11178330.html