您的位置：首页 > 其它

Logstash过滤插件grok简单测试

2016-07-30 23:16 363 查看

Logstash配置文档

#vimuseTime.conf

input{

stdin{}

filter{

grok{

match=>{

"message"=>
"\s+(?<API>调用.*(用时|异常)).*useTime=(?<useTime>\d+?)$"

output{

stdout{

codec=>rubydebug

过滤正则表达示

\s+(?<API>调用.*(用时|异常))
-->调用gz(广州银行)用时

useTime=(?<useTime>\d+?)$-->useTime=251

测试的日志：

[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251

[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510

测试结果：

[root@test
~]#/opt/logstash-2.3.4/bin/logstash-fuseTime.conf

Settings:
Defaultpipelineworkers:1

Pipelinemain
started

[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251

"message"=>"[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251",

"@version"=>"1",

"@timestamp"=>
"2016-07-30T15:09:21.376Z",

"host"=>
"0.0.0.0",

"API"=>"调用gz(广州银行)用时",

"useTime"=>
"251"

[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510

"message"=>"[07/29
00:01:17][INFO][[B10005-15]]impl.GzClientServiceImpl.exec:234-调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510",

"@version"=>"1",

"@timestamp"=>
"2016-07-30T15:09:28.885Z",

"host"=>
"0.0.0.0",

"API"=>"调用gz(广州银行)异常",

"useTime"=>
"2510"

^CSIGINT
received.Shuttingdowntheagent.{:level=>:warn}

stopping
pipeline{:id=>"main"}

Over！！
本文出自“cexpert”博客，请务必保留此出处http://cexpert.blog.51cto.com/5251990/1832216

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航