在编写grok模式时需要帮助 [英] Need help in writing the grok pattern

问题描述

有人可以帮我为下面的日志行写grok模式吗?

Can anybody help me writing the grok pattern for the following log line

07-Aug-2017|00:35:08,748 DEBUG [hostname] [Some WebApp Name] [6.9] [127.0.0.1] [1277]

我找不到适应"["&的方法grok模式中的']'.

I am not able to find a way to accomodate '[' & ']' in the grok patterns.

任何帮助将不胜感激.

推荐答案

这应与您的模式匹配:

%{MONTHDAY}-%{MONTH}-%{YEAR}\|%{TIME} %{LOGLEVEL} \[%{WORD} ] \[%{DATA}] \[%{NUMBER}] \[%{IP}] \[%{NUMBER}]

如您所见，方括号用反斜杠转义，如下所示:\[和\]

As you can see squared bracket are escaped with backslashes like this: \[ and \]

您可能希望像这样添加语义:

You might want to add semantic to it like so:

%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year}\|%{TIME:time} %{LOGLEVEL:loglevel} \[%{WORD:hostname} ] \[%{DATA:webapp}] \[%{NUMBER:somenumber}] \[%{IP:userip}] \[%{NUMBER:anothernumber}]

您还可以在线测试您的希腊模式，例如此处.

You can also test your grok patterns online e.g. here.

这篇关于在编写grok模式时需要帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！