Problem description
I am trying to get a grok pattern for the following web log line:
[2020-12-14 10:44:57,598: INFO/ForkPoolWorker-1] Task celery.chord_unlock[1f93d444-835f-4ff4-b730-915b0f17f9ab] retry: Retry in 1s
This is the pattern I came up with:
%{DATESTAMP:timestamp},%{INT:pid}:\s%{DATA:loglevel}%{GREEDYDATA:message}
Simulating it gives this:
{
  "timestamp": [
    "20-12-14 10:44:57"
  ],
  "pid": [
    "598"
  ],
  "loglevel": [
    ""
  ],
  "message": [
    "INFO / ForkPoolWorker-1] Task celery.chord_unlock [1f93d444-835f-4ff4-b730-915b0f17f9ab] retry: Retry in 1s"
  ]
}
Solution
I hope this one works better for you:
%{DATESTAMP:timestamp},%{INT:pid}: %{DATA:loglevel}/%{DATA:worker}] %{GREEDYDATA:message}
I built it using the grok debugger and a cheat sheet.