Logstash grok filter config for php monolog multi-line (stacktrace) logs


Problem description

[2018-02-12 09:15:43] development.WARNING: home page  
[2018-02-12 09:15:43] development.INFO: home page  
[2018-02-12 10:22:50] development.WARNING: home page  
[2018-02-12 10:22:50] development.INFO: home page  
[2018-02-12 10:22:50] development.ERROR: Call to undefined function vie() {"exception":"[object](Symfony\\Component\\Debug\\Exception\\FatalThrowableError(code: 0): Call to undefined function vie() at /var/www/html/routes/web.php:16 
[stacktrace]
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(198): Illuminate\\Routing\\Router->{closure}()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(172): Illuminate\\Routing\\Route->runCallable()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\\Routing\\Route->run()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))

.....
.....
.....

#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#47 /var/www/html/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#48{main}
"}

Above is my Laravel monolog sample log data. I am using Logstash to read the log data and send it to Elasticsearch. Below is my logstash.conf file:

input {
  file {
    path => '/var/www/html/php-app/application/storage/logs/laravel-*.log'
    start_position => 'beginning'
    ignore_older => 0
  }
}
filter {
  grok {
    match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}: %{DATA:message}at %{DATA:trace}" }
  }
}
output {
  elasticsearch {
    hosts => [ 'localhost:9200' ]
    index => "laravel-%{+YYYY-MM-dd}"
  }
  stdout {
    codec => rubydebug
  }
}

The above configuration is working for single-line log messages. For example, the log message below

[2018-02-12 09:15:43] development.WARNING: home page

generates the output as

"timestamp": "2018-02-12 10:57:25",
"@timestamp": "2018-02-12T10:57:26.614Z",
"severity": "INFO",
"path": "/var/www/html/php-app/application/storage/logs/laravel-2018-02-12.log",
"message": "[2018-02-12 10:57:25] development.INFO: home page  ",
"env": "development"

But for multi-line messages (i.e. messages with a stacktrace), it generates output like the below for each line.

"@timestamp" => 2018-02-12T10:56:47.785Z,
"path" => "/var/www/html/php-app/application/storage/logs/laravel-2018-02-12.log",
"message" => "#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\\\\Foundation\\\\Http\\\\Middleware\\\\ValidatePostSize->handle(Object(Illuminate\\\\Http\\\\Request), Object(Closure))",
"tags" => [
    [0] "_grokparsefailure"
],

I have tried the multiline filter too. Still no success for multi-line error logs. I need a solution which suits both multi-line and single-line error messages.

Please help me find the right grok config which suits both single-line and multi-line error logs.

Recommended answer

Finally! I got the solution for my problem, and I am posting the Logstash config, which can be useful for others in the future.

input {
    file {
        path => '/var/www/html/php-app/application/storage/logs/laravel-*.log'
        start_position => 'beginning'
        ignore_older => 0
        codec => multiline { pattern => "\[[\d]{4}" negate => "true" what => "previous" }
    }
}

filter {
    grok {
        match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}: %{DATA:message}" }
    }
}

output {
    elasticsearch {
        hosts => [ 'localhost:9200' ]
        index => "laravel-%{+YYYY-MM-dd}"
    }
    stdout {
        codec => rubydebug
    }
}

@baudsp Thanks for helping me out to solve this problem.
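
The multiline codec setting from the answer (negate => "true", what => "previous"), emulated in Python as an added example; this is not the poster's code and not Logstash's own. It shows that the posted pattern is searched anywhere in a line, so a stack frame containing a bracketed four-digit number opens a new event, while a pattern anchored with ^ keeps the trace in one event. The anchored pattern, the regex standing in for the grok expression, and the sample lines (including the Report.php frame) are assumptions made for the illustration.

```python
import re

PAGE_PATTERN = r"\[[\d]{4}"   # codec pattern exactly as posted in the answer
ANCHORED = r"^\[\d{4}-\d{2}"  # assumption: same idea, tied to the line start

# Constructed sample modelled on the question's log; frame #1 is hypothetical.
SAMPLE = r"""[2018-02-12 10:22:50] development.INFO: home page
[2018-02-12 10:22:50] development.ERROR: Call to undefined function vie() {"exception":"[object](Symfony\\Component\\Debug\\Exception\\FatalThrowableError(code: 0): Call to undefined function vie() at /var/www/html/routes/web.php:16
[stacktrace]
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(198): Illuminate\\Routing\\Router->{closure}()
#1 /var/www/html/app/Report.php(12): App\\Report->range('[2018-01-01]')
#2 {main}
"}
[2018-02-12 10:23:01] development.WARNING: home page""".splitlines()

def multiline(lines, pattern):
    """Emulate negate => true, what => previous: a line that does not
    match the pattern is appended to the previous event."""
    rx = re.compile(pattern)
    events = []
    for line in lines:
        if rx.search(line) or not events:  # pattern is searched, not anchored
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

# Stand-in for the grok expression; the last field is greedy and dot-all
# (a change from %{DATA}) so it carries the whole stack trace.
EVENT = re.compile(
    r"^\[(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"(?P<env>\w+)\.(?P<severity>[A-Z]+): (?P<message>.*)", re.S)

def parse(event):
    m = EVENT.match(event)
    if m:
        return m.groupdict()
    return {"message": event, "tags": ["_grokparsefailure"]}

def run(pattern):
    return [parse(e) for e in multiline(SAMPLE, pattern)]

if __name__ == "__main__":
    for name, pat in (("as posted", PAGE_PATTERN), ("anchored", ANCHORED)):
        events = run(pat)
        failures = sum("tags" in e for e in events)
        print(f"{name}: {len(events)} events, {failures} parse failures")
```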
