Reference and testing site: http://grokdebug.herokuapp.com
Example log line: test-39.dev.abc-inc.com Mon Apr 24 13:53:58 CST 2017 2017-04-16 23:37:44,282 [DEBUG] add service:com.abc.open.nlp.facade.NLPService
The grok filter pattern is: %{HOSTNAME:hostabc} %{DAY:zhouji} %{WORD:month} %{MONTHDAY:jihao} %{TIME:shijian} %{TZ:biaozhun} %{YEAR:nian} %{TIMESTAMP_ISO8601:shijianquan} \[%{WORD:zhonglei}\] %{WORD:caozuo} %{NOTSPACE:info}
The filter result is:
{ "hostabc": [ [ "test-39.dev.abc-inc.com" ] ], "zhouji": [ [ "Mon" ] ], "month": [ [ "Apr" ] ], "jihao": [ [ "24" ] ], "shijian": [ [ "13:53:58" ] ], "HOUR": [ [ "13", "23", null ] ], "MINUTE": [ [ "53", "37", null ] ], "SECOND": [ [ "58", "44,282" ] ], "biaozhun": [ [ "CST" ] ], "nian": [ [ "2017" ] ], "shijianquan": [ [ "2017-04-16 23:37:44,282" ] ], "YEAR": [ [ "2017" ] ], "MONTHNUM": [ [ "04" ] ], "MONTHDAY": [ [ "16" ] ], "ISO8601_TIMEZONE": [ [ null ] ], "zhonglei": [ [ "DEBUG" ] ], "caozuo": [ [ "add" ] ], "info": [ [ "service:com.abc.open.nlp.facade.NLPService" ] ] }
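The same match reproduced outside Logstash, as an added example that is not part of the original note: it expands the `%{NAME:field}` references above into a regular expression with named groups and runs it on the sample line. The `PATTERNS` entries are simplified stand-ins for the grok library definitions, and `grok_to_regex`, `parse` and the `event_time` key are hypothetical names.

```python
import re
from datetime import datetime

# Simplified stand-ins for the grok library patterns (assumption: the real
# definitions are broader; these cover the shapes in the sample line).
PATTERNS = {
    "HOSTNAME": r"\b[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.[0-9A-Za-z][0-9A-Za-z-]{0,62})*\.?\b",
    "DAY": r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)[a-z]*",
    "WORD": r"\b\w+\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "TIME": r"(?:[01]?[0-9]|2[0-3]):[0-5][0-9]:[0-5]?[0-9](?:[.,][0-9]+)?",
    "TZ": r"[A-Z]{3}",
    "YEAR": r"(?:\d\d){1,2}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "NOTSPACE": r"\S+",
}

# The page's grok expression and sample log line, copied unchanged.
GROK = (r"%{HOSTNAME:hostabc} %{DAY:zhouji} %{WORD:month} %{MONTHDAY:jihao} "
        r"%{TIME:shijian} %{TZ:biaozhun} %{YEAR:nian} "
        r"%{TIMESTAMP_ISO8601:shijianquan} \[%{WORD:zhonglei}\] "
        r"%{WORD:caozuo} %{NOTSPACE:info}")
SAMPLE = ("test-39.dev.abc-inc.com Mon Apr 24 13:53:58 CST 2017 "
          "2017-04-16 23:37:44,282 [DEBUG] add "
          "service:com.abc.open.nlp.facade.NLPService")

REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(expr):
    """Expand each %{NAME:field} into a named capture group."""
    def repl(m):
        body = PATTERNS[m.group(1)]  # KeyError for an unknown pattern name
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return re.compile(REF.sub(repl, expr))

def parse(line, expr=GROK):
    """Return the captured fields, or None when the line does not match."""
    m = grok_to_regex(expr).search(line)
    if m is None:
        return None  # Logstash would tag such an event _grokparsefailure
    fields = m.groupdict()
    # Typed copy of the ISO8601 timestamp (hypothetical extra key).
    fields["event_time"] = datetime.strptime(
        fields["shijianquan"], "%Y-%m-%d %H:%M:%S,%f")
    return fields

if __name__ == "__main__":
    for key, value in parse(SAMPLE).items():
        print(f"{key}: {value}")
```

The sample line carries two timestamps (Apr 24 in the prefix, 2017-04-16 in the ISO8601 field), so a pipeline has to choose which one becomes the event time; the example types only the ISO8601 one.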
Pattern reference: http://grokdebug.herokuapp.com/patterns#
Logstash best-practices reference link: http://udn.yyuap.com/doc/logstash-best-practice-cn/get_start/index.html
OVER