Need help in writing the grok pattern

只愿长相守 posted on 2019-12-12 04:04:06

Question


Can anybody help me write the grok pattern for the following log line?

07-Aug-2017|00:35:08,748 DEBUG [hostname] [Some WebApp Name] [6.9] [127.0.0.1] [1277]

I am not able to find a way to accommodate '[' & ']' in the grok patterns.

Any help will be appreciated.


Answer 1:


This should match your pattern:

%{MONTHDAY}-%{MONTH}-%{YEAR}\|%{TIME} %{LOGLEVEL} \[%{WORD}\] \[%{DATA}\] \[%{NUMBER}\] \[%{IP}\] \[%{NUMBER}\]

As you can see, square brackets are escaped with backslashes like this: \[ and \]

You might want to add semantics to it like so:

%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year}\|%{TIME:time} %{LOGLEVEL:loglevel} \[%{WORD:hostname}\] \[%{DATA:webapp}\] \[%{NUMBER:somenumber}\] \[%{IP:userip}\] \[%{NUMBER:anothernumber}\]

You can also test your grok patterns online e.g. here.
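
As an added example (not part of the original answer), the Python sketch below expands the named pattern into a regular expression and runs it against the log line from the question, and against the same pattern with the brackets left unescaped. The pattern table holds simplified stand-ins for the Logstash core patterns, and `grok_to_regex` and `grok_match` are hypothetical helper names.

```python
import re

# Simplified stand-ins for the Logstash core patterns used above
# (assumption: reduced versions, not the full grok-patterns definitions).
GROK = {
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "MONTH": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",
    "YEAR": r"\d{4}",
    "TIME": r"\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)",
    "WORD": r"\b\w+\b",
    "DATA": r".*?",
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
}
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:field} into a compiled, anchored regex."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK[name]  # KeyError on an unknown pattern name
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile("^" + _REF.sub(expand, pattern) + "$")

def grok_match(pattern, line):
    """Return the captured fields as a dict, or None if the line does not match."""
    m = grok_to_regex(pattern).match(line)
    return m.groupdict() if m else None

# Log line from the question.
SAMPLE = "07-Aug-2017|00:35:08,748 DEBUG [hostname] [Some WebApp Name] [6.9] [127.0.0.1] [1277]"

# Named pattern from the answer, with every bracket escaped.
PATTERN = (r"%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year}\|%{TIME:time} %{LOGLEVEL:loglevel} "
           r"\[%{WORD:hostname}\] \[%{DATA:webapp}\] \[%{NUMBER:somenumber}\] "
           r"\[%{IP:userip}\] \[%{NUMBER:anothernumber}\]")

# Same pattern without the backslashes: each "[...]" is now a regex
# character class matching one character, so nothing is captured.
UNESCAPED = PATTERN.replace("\\[", "[").replace("\\]", "]")

if __name__ == "__main__":
    print(grok_match(PATTERN, SAMPLE))    # dict of named fields
    print(grok_match(UNESCAPED, SAMPLE))  # None
    # A line whose IP field is not an IP does not match at all.
    print(grok_match(PATTERN, SAMPLE.replace("127.0.0.1", "localhost")))  # None
```
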



Source: https://stackoverflow.com/questions/45559913/need-help-in-writing-the-grok-pattern
