一日志中有多种模式 [英] Multiple patterns in one log

问题描述

因此，我现在为正在运行的日志编写了几种模式.现在，我将这些具有多个模式的多个日志存储在一个文件中. Logstash如何知道在日志的哪一行必须使用哪种模式? (我正在用grok进行过滤)如果你们会很友善，可以给我链接到文档，因为我找不到关于此的任何东西:/

So I wrote now several patterns for logs which are working. The thing is now, that I have these multiple logs, with multiple patterns, in one single file. How does logstash know what kind of pattern it has to use for which line in the log? ( I am using grok for my filtering ) And if you guys would be super kind, could you give me the link to the docs, because I weren't able to find anything regarding this :/

推荐答案

您可以为grok过滤器使用多种模式，

You could use multiple patterns for your grok filter,

grok {
  match => ["fieldname", "pattern1", "pattern2", ..., "patternN"]
}

，它们将按顺序应用，但a)这不是性能上的最佳选择，并且b)无论如何，您可能想以不同的方式对待不同类型的日志，因此我建议您根据a的类型或标签使用条件讯息:

and they will be applied in order but a) it's not the best option performance-wise and b) you probably want to treat different types of logs differently anyway, so I suggest you use conditionals based on the type or tags of a message:

if [type] == "syslog" {
  grok {
    match => ["message", "your syslog pattern"]
  }
}

在输入插件中设置类型.

Set the type in the input plugin.

当前发布的Logstash版本的文档位于 http://logstash.net/docs/1.4.2/.它可能没有具体解决您的问题，但可以推断出来.

The documentation for the currently released version of Logstash is at http://logstash.net/docs/1.4.2/. It probably doesn't address your question specifically but it can be inferred.

这篇关于一日志中有多种模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！