Graylog log routing

1. Under System, add a new entry to Grok Patterns:
BE_logs_message
%{GREEDYDATA}ip=%{IPV4:ip}%{SPACE}biz_id=%{GREEDYDATA:biz_id}%{SPACE}ts=%{GREEDYDATA:real_time}%{SPACE}req_id=%{GREEDYDATA:req_id}%{SPACE}msg:%{GREEDYDATA}%{GREEDYDATA}
2. Extractors of BE-logs

{
  "extractors": [
    {
      "title": "runtime",
      "extractor_type": "regex",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "runtime",
      "extractor_config": {
        "regex_value": "(?i)([0-9].[0-9]+(?=[^0-9]*$))"
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "BE-logs-message",
      "extractor_type": "grok",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "",
      "extractor_config": {
        "grok_pattern": "%{BE_logs_message}",
        "named_captures_only": true
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "BE-logs-real_time",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "date",
          "config": {
            "date_format": "yyyy-MM-dd HH:mm:ss",
            "time_zone": "Asia/Shanghai",
            "locale": "zh-CN"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "cut",
      "source_field": "real_time",
      "target_field": "real_time",
      "extractor_config": {
        "regex_value": "^(.*)$"
      },
      "condition_type": "none",
      "condition_value": ""
    }
  ],
  "version": "3.2.6"
}

3. Extractors of test-BE-logs

{
  "extractors": [
    {
      "title": "test-BE-logs-message",
      "extractor_type": "grok",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "",
      "extractor_config": {
        "grok_pattern": "%{BE_logs_message}",
        "named_captures_only": true
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "test-BE-logs-real_time",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "date",
          "config": {
            "date_format": "yyyy-MM-dd HH:mm:ss",
            "time_zone": "Asia/Shanghai",
            "locale": "zh"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "cut",
      "source_field": "real_time",
      "target_field": "real_time",
      "extractor_config": {
        "regex_value": "^(.*)$"
      },
      "condition_type": "none",
      "condition_value": ""
    }
  ],
  "version": "3.2.6"
}
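
How the BE_logs_message pattern from step 1 splits a line, as an added example that is not part of the original post: the grok pattern is translated into a Python regex (Graylog's own grok engine is not invoked), the sample lines are constructed, and STRICT is a hypothetical tighter variant. It shows that the all-GREEDYDATA form keeps trailing spaces in the captures and, when the msg text repeats the same keys, takes the later values instead of the header's.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: close to, but
# not copied from, the patterns Graylog ships).
GROK = {
    "GREEDYDATA": r".*", "DATA": r".*?", "SPACE": r"\s*", "NOTSPACE": r"\S+",
    "IPV4": r"(?<![0-9])(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?![0-9])",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}",
}

def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:field} into a Python regex with named groups."""
    def expand(m):
        body = GROK[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

def parse(pattern, line):
    """Return the named captures for line, or None when the pattern does not match."""
    m = grok_to_regex(pattern).search(line)
    return m.groupdict() if m else None

# BE_logs_message as defined in step 1.
PAGE = ("%{GREEDYDATA}ip=%{IPV4:ip}%{SPACE}biz_id=%{GREEDYDATA:biz_id}%{SPACE}"
        "ts=%{GREEDYDATA:real_time}%{SPACE}req_id=%{GREEDYDATA:req_id}%{SPACE}"
        "msg:%{GREEDYDATA}%{GREEDYDATA}")
# Hypothetical tighter variant: lazy prefix, bounded field types.
STRICT = ("^%{DATA}ip=%{IPV4:ip}%{SPACE}biz_id=%{NOTSPACE:biz_id}%{SPACE}"
          "ts=%{TIMESTAMP_ISO8601:real_time}%{SPACE}req_id=%{NOTSPACE:req_id}"
          "%{SPACE}msg:%{GREEDYDATA}")

# Constructed sample lines; the real BE log layout is not shown on the page.
HEADER = ("2020-03-01 12:00:01 INFO ip=10.0.0.5 biz_id=order "
          "ts=2020-03-01 12:00:00 req_id=abc123 msg:")
NORMAL = HEADER + "payment ok 0.132"
ECHO = HEADER + ("upstream said ip=192.0.2.9 biz_id=x "
                 "ts=1999-01-01 00:00:00 req_id=zzz msg:done")

if __name__ == "__main__":
    for name, line in (("normal", NORMAL), ("echo", ECHO)):
        print(name, "page  ", parse(PAGE, line))
        print(name, "strict", parse(STRICT, line))
```

If the stricter form is adopted, test it against real BE log lines in the extractor preview first, since biz_id or req_id values containing spaces would no longer match NOTSPACE.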

 

posted @ leiuk