过滤特定行 [英] Filtering specific lines

问题描述

我当前正在尝试从日志文件中过滤特定行.我在日志文件中的行具有以下模式.

I am currently trying to filter specific lines from my log file. My lines in the log file are of the following pattern.

[8/05/13 14:24:55.468] RuntimeErrorI E LaError
[8/05/13 14:24:55.468] AbcdEfg W SomeWarning

其中第一个是日期，时间，应用程序名称和日志级别(警告，错误，跟踪等)，其后是错误消息或警告消息或任何其他消息.

where the first is the date, time, application name and the Log level( WARNING, ERROR, TRACE etc) followed by the error message or warning message or any other messages.

因此，我试图获取的只是日志级别的错误，而不是其他日志级别的错误. 我正在玩以下游戏，但根本没有获得控制台输出.我认为我在grep的某处出错，以检查其E(Error)

So what I am trying to get is the log level errors only and not other log levels. I have the following which I am playing around with but I am not getting console output at all. I think I am making a mistake somewhere in my grep for checking if its E(Error)

input {

  file {
  type => "database"
  path => "/home/nakampe/Desktop/file.log"
  }

}

filter {

 grok {

    pattern =>  "[%{MONTHDAY:date} / %{MONTH:month} / %{YEAR:year}  %{TIME:time}] %WORD:application} %{WORD:levelType}  %{WORD:message}"

  }


#Here I want to only consider log levels of E (ERROR) and not others
  grep{

  match => ["levelType", "E"]

  }

}

output {

   elasticsearch { 

   embedded => true 
   }

stdout { 
  message => "%{@message}"
  }     
}  

推荐答案

 grok { 

pattern =>  "%{MONTHDAY:date}/%{MONTHNUM:month}/%{YEAR:year} %{TIME:time} %{WORD:sast}]      

    %{INT:threadId} %{WORD:applicationName}%{SPACE:space}%{WORD:logLevel} %     {WORD:errorMessage}"

}

在使用 http://grokdebug.herokuapp.com/进行调试后，我的模式错误还可以一个非常有用的工具.

My mistake was with the pattern, after debugging using http://grokdebug.herokuapp.com/ all was ok. A very useful tool.

这篇关于过滤特定行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！