Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to use filter in LogStash

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

LogStash filter how to use, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this can learn, I hope you can gain something.

grok

Custom grok format

In the conf file folder sibling directory, usually in the patterns folder, create your own pattern file, such as the extra file.

# contents of ./ patterns/postfix:

POSTFIX_QUEUEID [0-9A-F]{10,11}

For example, for log format: Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id= "./ patterns"

match => [ "message", "%{SYSLOGBASE} %{POSTFIX_QUEUEID:queue_id}: %{GREEDYDATA:syslog_message}" ]

}

}

The results are:

correct matching

2. Some of the more magical Grok patterns

For example: GREEDYDATA .*

Note: If I don't want to match everything, use Greedidata directly.

Example: Match, 52:awfasdf0r8b123e:222g1g16:885579b2:9afr

Add %{GREEDYDATA:sth} to the grok of filter to match the above string. If you want more detailed matching, write your own regular, matching each item.

Practical examples 1. Want to handle java log information, including normal info and error stack information how to deal with?

Thinking:

In filter, use multiline to group log information; then use grok to split it.

Things that need attention may encounter newline problems. What to do at this time?

The processing at this time is such that using GREEDYDATA is invalid because it is only a match.* And... is not matching newline, at this time, GreedyData should be replaced with:

(? (.|\ r| * ** Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Files information logs time processing folders formats help clarity magic everything things things content just level stack actual this ideas vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Shulou Information Huawei Docker Apple Linux Shulou Technology vpn MariaDB Shulou Tech Info Redmi Xiaomi MySQL macOS NVidia Microsoft OPPO Reno Shulou Information Huawei Docker Apple Linux Shulou Technology vpn MariaDB Shulou Tech Info Redmi Xiaomi MySQL macOS NVidia Microsoft OPPO Reno

Share To

Related

Servers

More Servers >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report