logstash grok 字段是怎么新增的？

filebeat 收集日志发送给 logstash

input {
  beats {
    port => 5044
    ssl => false
  }
}


filter {
    grok {
     match => { "message", "%{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{DATA:thread} %{JAVACLASS:class}  %{JAVALOGMESSAGE:logmessage}" }

}

output {
    stdout { codec => rubydebug }
}

输出的记过，只有一些默认字段，grok 里面定义的{JAVALOGMESSAGE:logmessage} logmessage 怎么没有单独显示出来？

只是显示 "message" => "09:05:08.193 http-nio-8080-exec-5 o.h.engine.jdbc.spi.SqlExceptionHelper FUNCTION zh.nvl does not exist", 和一些默认字段

不是应该有 "logmessage" => "FUNCTION zh.nvl does not exist"

我用的都是7.8的版本。

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

Categories

logstash grok 字段是怎么新增的？

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags