Multiple patterns in one log

后端未结

关注

 2  1174

借酒劲吻你 2020-12-06 06:48

So I wrote now several patterns for logs which are working. The thing is now, that I have these multiple logs, with multiple patterns, in one single file. How does logstash

2条回答

粉色の甜心 (楼主)

2020-12-06 07:22
You could use multiple patterns for your grok filter,
```
grok {
  match => ["fieldname", "pattern1", "pattern2", ..., "patternN"]
}
```
and they will be applied in order but a) it's not the best option performance-wise and b) you probably want to treat different types of logs differently anyway, so I suggest you use conditionals based on the type or tags of a message:
```
if [type] == "syslog" {
  grok {
    match => ["message", "your syslog pattern"]
  }
}
```
Set the type in the input plugin.

The documentation for the currently released version of Logstash is at http://logstash.net/docs/1.4.2/. It probably doesn't address your question specifically but it can be inferred.
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...