graylog日志分流
1.在system中grok patterns新增
BE_logs_message
%{GREEDYDATA}ip=%{IPV4: ip}%{SPACE}biz_id=%{GREEDYDATA: biz_id}%{SPACE}ts=%{GREEDYDATA: real_time}%{SPACE}req_id=%{GREEDYDATA:req_id}%{SPACE}msg:%{GREEDYDATA}%{GREEDYDATA}
2.Extractors of BE-logs
{ "extractors": [ { "title": "runtime", "extractor_type": "regex", "converters": [], "order": 0, "cursor_strategy": "copy", "source_field": "message", "target_field": "runtime", "extractor_config": { "regex_value": "(?i)([0-9].[0-9]+(?=[^0-9]*$))" }, "condition_type": "none", "condition_value": "" }, { "title": "BE-logs-message", "extractor_type": "grok", "converters": [], "order": 0, "cursor_strategy": "copy", "source_field": "message", "target_field": "", "extractor_config": { "grok_pattern": "%{BE_logs_message}", "named_captures_only": true }, "condition_type": "none", "condition_value": "" }, { "title": "BE-logs-real_time", "extractor_type": "regex", "converters": [ { "type": "date", "config": { "date_format": "yyyy-MM-dd HH:mm:ss", "time_zone": "Asia/Shanghai", "locale": "zh-CN" } } ], "order": 0, "cursor_strategy": "cut", "source_field": "real_time", "target_field": "real_time", "extractor_config": { "regex_value": "^(.*)$" }, "condition_type": "none", "condition_value": "" } ], "version": "3.2.6" }
3.Extractors of test-BE-logs
{ "extractors": [ { "title": "test-BE-logs-message", "extractor_type": "grok", "converters": [], "order": 0, "cursor_strategy": "copy", "source_field": "message", "target_field": "", "extractor_config": { "grok_pattern": "%{BE_logs_message}", "named_captures_only": true }, "condition_type": "none", "condition_value": "" }, { "title": "test-BE-logs-real_time", "extractor_type": "regex", "converters": [ { "type": "date", "config": { "date_format": "yyyy-MM-dd HH:mm:ss", "time_zone": "Asia/Shanghai", "locale": "zh" } } ], "order": 0, "cursor_strategy": "cut", "source_field": "real_time", "target_field": "real_time", "extractor_config": { "regex_value": "^(.*)$" }, "condition_type": "none", "condition_value": "" } ], "version": "3.2.6" }
