Grok parse failure when filtering error logs

Question

Hi, I am getting the following error message:

  "tags" => [
    [0] "beats_input_codec_plain_applied",
    [1] "_grokparsefailure"
]

I am using the following in my logstash-sample.conf:

input {
    beats {
        port => "5044"
    }
}

filter {
    grok {
         match => ["message","HTTPD20_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{LOGLEVEL:loglevel}\] (?:\[client %{IPORHOST:clientip}\] )$
    }
}

output {
    stdout { codec => rubydebug }
}

Can someone help me with what I am doing wrong here? Also, in the pattern {LOGLEVEL:loglevel}](?:[client %{IPORHOST:clientip}, do I need to specify loglevel and clientip?

My log sample:

2020-10-09 14:24:33,489 [Thread1] INFO  ReceiverLogging- Connecting
2020-10-09 14:24:34,166 [Thread1] INFO  ReceiverLogging- Connected...
2020-10-09 14:24:34,166 [Thread1] INFO  ReceiverLogging- Getting folder...
2020-10-09 14:24:34,167 [Thread1] INFO  ReceiverLogging- Got folder
2020-10-09 14:24:34,167 [Thread1] INFO  ReceiverLogging- opening folder
2020-10-09 14:24:34,237 [Thread1] INFO  ReceiverLogging- getting folder 
2020-10-09 14:24:34,247 [Thread-6] ERROR CheckLog Error While Connecting to Websocket
javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection Failed
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:392)
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:150)
        at global.services.WebSocketClient.<init>(WebSocketClient.java:33)
        at global.services.WebSocketClient.getInstance(WebSocketClient.java:51)
        at global.services.SchedulerThread.run(SchedulerThread.java:63)
Caused by: java.util.concurrent.TimeoutException
        at sun.nio.ch.PendingFuture.get(PendingFuture.java:197)
        at org.apache.tomcat.websocket.WsWebSocketContainer.processResponse(WsWebSocketContainer.java:674)
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:340)
        ... 4 more
2020-10-09 14:24:34,248 [Thread-6] ERROR Exception- Error While Connecting to Websocket

Please help.

Answer

First, I would suggest that you learn some basics of GROK and how it works. Some useful resources are added at the end of the answer.

The current pattern in the log looks like: timestamp className logLevel

For the log sample in the question, below is a sample pipeline, although I am not sure whether multiline is needed to capture the stack trace. In that case the following can be extended.

filter {
   grok{
     match =>  { "message" => "%{TIMESTAMP_ISO8601:timeStamp}%{SPACE}\[%{DATA:className}\]%{SPACE}%{LOGLEVEL:logLevel}%{SPACE}%{GREEDYDATA:message}"} 
     overwrite => [ "message" ]
   }
   date {
      match => ["timeStamp","yyyy-MM-dd HH:mm:ss,SSS"]
      timezone => "Europe/London"
      target => "@timestamp"
      remove_field => ["timeStamp"]
    }

}

The output event looks like:

{
      "logLevel" => "INFO",
      "@version" => "1",
          "path" => "/usr/share/logstash/stack/data/data.log",
     "className" => "Classname",
          "host" => "95b3783b146a",
    "@timestamp" => 2020-10-09T13:24:35.004Z,
       "message" => "LOGG- Sending message : Test"
}
{
      "logLevel" => "ERROR",
       "message" => "InternetApp- in details."
}

Beginner's Guide

GROK Debugger

Basic GROK Pattern
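To see why the question's stack-trace lines come back tagged _grokparsefailure while the timestamped lines parse, here is an added example (not part of the question or the answer) that expands the answer's grok expression into a Python regex and runs it over a constructed copy of the log. The GROK table is a simplified transcription of the stock grok pattern definitions, and join_multiline is an assumed stand-in for what a Logstash multiline codec would do before the grok filter runs.

```python
import re

# Regex equivalents of the grok patterns used in the answer's pipeline (simplified).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "SPACE": r"\s*",
    "DATA": r".*?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|NOTICE|WARN(?:ING)?|ERROR|SEVERE|FATAL)",
    "GREEDYDATA": r".*",
}
# The grok expression from the answer's filter, unchanged.
PATTERN = (r"%{TIMESTAMP_ISO8601:timeStamp}%{SPACE}\[%{DATA:className}\]%{SPACE}"
           r"%{LOGLEVEL:logLevel}%{SPACE}%{GREEDYDATA:message}")

def grok_to_regex(pattern):
    """Expand each %{NAME:field} into a named group built from GROK[NAME]."""
    def expand(m):
        body = GROK[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    # DOTALL plays the role of a (?m) prefix in Logstash: without it, GREEDYDATA
    # stops at the first newline and the stack trace is dropped from "message".
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern), re.DOTALL)

STARTS_WITH_TS = re.compile(r"^\s*" + GROK["TIMESTAMP_ISO8601"])

def join_multiline(lines):
    """Fold lines without a leading timestamp into the preceding event (multiline codec stand-in)."""
    events = []
    for line in lines:
        if STARTS_WITH_TS.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def grok_event(text, rx=grok_to_regex(PATTERN)):
    """Mimic the grok filter: unanchored match; on failure tag _grokparsefailure."""
    m = rx.search(text)
    if m is None:
        return {"message": text, "tags": ["_grokparsefailure"]}
    return m.groupdict()

# Constructed sample mirroring the question's log: an INFO line, then an ERROR
# line followed by two stack-trace lines that carry no timestamp of their own.
SAMPLE = [
    "2020-10-09 14:24:34,166 [Thread1] INFO  ReceiverLogging- Connected...",
    "2020-10-09 14:24:34,247 [Thread-6] ERROR CheckLog Error While Connecting to Websocket",
    "javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection Failed",
    "        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:392)",
]
```

Fed line by line, the two trace lines fail and would be tagged exactly as in the question; after join_multiline they become part of the ERROR event and the whole trace lands in the message field.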