logstash-grok

问题 I have the following Grok patterns defined in a pattern file HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b) EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+ EMAILADDRESS %{EMAILLOCALPART}@%{HOSTNAME} For some reason this doesn't compile when run against http://grokdebug.herokuapp.com/ with the following input, it simply returns "Compile error" Node1\Spam.log.2016-05-03 171 1540699703 03/May/2016 00:00:01 +0000 INFO [http-bio-0.0.0.0-8001-exec-20429]

问题 I've a code in grok, which captures messages, and if they meet a given criteria, they get a tag. My problem is, that sometimes this filter works while testing, and sometimes does not. The regexp in question is the following: ^(?!(?:\d\d\d\d-\d\d-\d\d.\d\d:\d\d:\d\d)).*$ This line checks if the given message does not begin with a given time stamp format. In other words: if the given message does not begin with this time stamp, then it gets a tag. You can test it yourself with this online

问题 I've a code in grok, which captures messages, and if they meet a given criteria, they get a tag. My problem is, that sometimes this filter works while testing, and sometimes does not. The regexp in question is the following: ^(?!(?:\d\d\d\d-\d\d-\d\d.\d\d:\d\d:\d\d)).*$ This line checks if the given message does not begin with a given time stamp format. In other words: if the given message does not begin with this time stamp, then it gets a tag. You can test it yourself with this online

问题 I've a code in grok, which captures messages, and if they meet a given criteria, they get a tag. My problem is, that sometimes this filter works while testing, and sometimes does not. The regexp in question is the following: ^(?!(?:\d\d\d\d-\d\d-\d\d.\d\d:\d\d:\d\d)).*$ This line checks if the given message does not begin with a given time stamp format. In other words: if the given message does not begin with this time stamp, then it gets a tag. You can test it yourself with this online

问题 I am new to logstash. I have some logs stored in AWS S3 and I am able to import them to logstash. My question is: is it possible to use the grok filter to add tags based on the filenames? I try to use: grok { match => {"path" => "%{GREEDYDATA}/%{GREEDYDATA:bitcoin}.err.log"} add_tag => ["bitcoin_err"] } This is not working. I guess the reason is "path" only working with file inputs. Here is the structure of my S3 buckets: my_buckets ----A ----2014-07-02 ----a.log ----b.log ----B ----2014-07

问题 I am going to convert a log file events (which is recorded by LogAttribute processor) to JSON. I am using 'ExtractGroke' with this configuration: STACK pattern in pattern file is (?m).* Each log has this format: 2019-11-21 15:26:06,912 INFO [Timer-Driven Process Thread-4] org.apache.nifi.processors.standard.LogAttribute LogAttribute[id=143515f8-1f1d-1032-e7d2-8c07f50d1c5a] logging for flow file StandardFlowFileRecord[uuid=02eb9f21-4587-458b-8cee-ad052cb8e634,claim=StandardContentClaim

问题 I am going to convert a log file events (which is recorded by LogAttribute processor) to JSON. I am using 'ExtractGroke' with this configuration: STACK pattern in pattern file is (?m).* Each log has this format: 2019-11-21 15:26:06,912 INFO [Timer-Driven Process Thread-4] org.apache.nifi.processors.standard.LogAttribute LogAttribute[id=143515f8-1f1d-1032-e7d2-8c07f50d1c5a] logging for flow file StandardFlowFileRecord[uuid=02eb9f21-4587-458b-8cee-ad052cb8e634,claim=StandardContentClaim

问题 I have a date field which has a config of 2019-07-26T16:04:56.853Z this kind in my data when i have given add field with +EEEE , it is giving the day of timestamp , but not the required output. add_field => {"[weekday]" => "%{+EEEEE}"} I need that the output of the date field of 2019-07-26T16:04:56.853Z gives friday but it is giving the timestamp day. 回答1: Assuming you have the string "2019-07-26T16:04:56.853Z" in a field called [date] then this will set [dayOfWeek] to Friday mutate { gsub =>

问题 I am using Logstash to parse a log file. A sample log line is shown below. 2011/08/10 09:51:34.450457,1.048908,tcp,213.200.244.217,47908, ->,147.32.84.59,6881,S_RA,0,0,4,244,124,flow=Background-Established-cmpgw-CVUT I am using following filter in my confguration file. grok { match => ["message","%{DATESTAMP:timestamp},%{BASE16FLOAT:value},%{WORD:protocol},%{IP:ip},%{NUMBER:port},%{GREEDYDATA:direction},%{IP:ip2},%{NUMBER:port2},%{WORD:status},%{NUMBER:port3},%{NUMBER:port4},%{NUMBER:port5},%

问题 I have set up Elk stack on my windows machine with the following : Elasticserach Logstash Kibana My logstash.conf input { file { path => "\bin\MylogFile.log" start_position => "beginning" } } output { elasticsearch { hosts => localhost:9200 } } MylogFile.log(Apache Log) 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)" When I run logstash.conf it creates the following index in