参考和测试网站:http://grokdebug.herokuapp.com(这是第三方在线调试工具,粘贴日志样本前请先脱敏,不要提交含账号、令牌、内部主机名等敏感信息的生产日志)
例如:test-39.dev.abc-inc.com Mon Apr 24 13:53:58 CST 2017 2017-04-16 23:37:44,282 [DEBUG] add service:com.abc.open.nlp.facade.NLPService
正则表达式过滤为:%{HOSTNAME:hostabc} %{DAY:zhouji} %{WORD:month} %{MONTHDAY:jihao} %{TIME:shijian} %{TZ:biaozhun} %{YEAR:nian} %{TIMESTAMP_ISO8601:shijianquan} \[%{WORD:zhonglei}\] %{WORD:caozuo} %{NOTSPACE:info}(方括号是正则元字符,必须用反斜杠转义,才能匹配日志中的字面量 [DEBUG])
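过滤结果为(其中 HOUR、MINUTE、SECOND、YEAR、MONTHNUM、MONTHDAY、ISO8601_TIMEZONE 等未自定义名称的字段,是 TIME、TIMESTAMP_ISO8601 等模式内部的子捕获,由调试器一并列出):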
{
"hostabc": [
[
"test-39.dev.abc-inc.com"
]
],
"zhouji": [
[
"Mon"
]
],
"month": [
[
"Apr"
]
],
"jihao": [
[
"24"
]
],
"shijian": [
[
"13:53:58"
]
],
"HOUR": [
[
"13",
"23",
null
]
],
"MINUTE": [
[
"53",
"37",
null
]
],
"SECOND": [
[
"58",
"44,282"
]
],
"biaozhun": [
[
"CST"
]
],
"nian": [
[
"2017"
]
],
"shijianquan": [
[
"2017-04-16 23:37:44,282"
]
],
"YEAR": [
[
"2017"
]
],
"MONTHNUM": [
[
"04"
]
],
"MONTHDAY": [
[
"16"
]
],
"ISO8601_TIMEZONE": [
[
null
]
],
"zhonglei": [
[
"DEBUG"
]
],
"caozuo": [
[
"add"
]
],
"info": [
[
"service:com.abc.open.nlp.facade.NLPService"
]
]
}
正则表达式参考:http://grokdebug.herokuapp.com/patterns#
Logstash最佳实践参考链接:http://udn.yyuap.com/doc/logstash-best-practice-cn/get_start/index.html
OVER