Logstash配置文档
# vim useTime.conf
input {
stdin{}
}
filter {
grok {
match => {
"message" =>
"\s+(?<API>调用.*(用时|异常)).*useTime=(?<useTime>\d+?)$"
}
}
}
output {
stdout{
codec => rubydebug
}
}
过滤正则表达示
\s+(?<API>调用.*(用时|异常))
--> 调用gz(广州银行)用时
useTime=(?<useTime>\d+?)$ --> useTime=251
测试的日志:
[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
测试结果:
[root@test
~]# /opt/logstash-2.3.4/bin/logstash -f useTime.conf
Settings:
Default pipeline workers: 1
Pipeline main
started
[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251
{
"message" => "[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)用时,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=251",
"@version" => "1",
"@timestamp" =>
"2016-07-30T15:09:21.376Z",
"host" =>
"0.0.0.0",
"API" => "调用gz(广州银行)用时",
"useTime" =>
"251"
}
[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510
{
"message" => "[07/29
00:01:17] [INFO] [[B10005-15]] impl.GzClientServiceImpl.exec:234 - 调用gz(广州银行)异常,URL=http://172.31.8.122:7040/corbankexpress/httpAccess,useTime=2510",
"@version" => "1",
"@timestamp" =>
"2016-07-30T15:09:28.885Z",
"host" =>
"0.0.0.0",
"API" => "调用gz(广州银行)异常",
"useTime" =>
"2510"
}
^CSIGINT
received. Shutting down the agent. {:level=>:warn}
stopping
pipeline {:id=>"main"}
Over!!
本文出自 “cexpert” 博客,请务必保留此出处http://cexpert.blog.51cto.com/5251990/1832216
原文地址:http://cexpert.blog.51cto.com/5251990/1832216
