我需要为下面的 websphere 日志定义 grok grok 模式

【问题标题】:I need to define grok grok pattern for below websphere log我需要为下面的 websphere 日志定义 grok grok 模式
【发布时间】:2020-01-27 17:36:01
【问题描述】:

请帮我为以下日志创建 grok 模式:

{ "sysdate":"[08/Jun/2019:00:00:12 -0400]", "site":"abcd.net", "host":"hostnam.net", "method":"POST", "request":"/services/path", "querystring":"", "port":"4123", "username":"-", "cookie":"0000k1cgki:1f:1bv8tat", "coauthsessionid":"-", "clienthost":"44.25.14.241", "httpversion":"HTTP/1.1", "useragent":"-", "referer":"-", "responsestatus":"200", "subresponse":"0", "win32status":"0", "sbytes":"799", "cbytes":"0", "timetaken":"3595" }

【问题讨论】:

标签: logstash logstash-grok elk


【解决方案1】:

试试这个:

输入:

{"sysdate":"[08/Jun/2019:00:00:12 -0400]","site":"abcd.net","host":"hostnam.net", "method":"POST", "request":"/services/path", "querystring":"", "port":"4123", "username":"-", "cookie":"0000k1cgki:1f:1bv8tat", "coauthsessionid":"-", "clienthost":"44.25.14.241", "httpversion":"HTTP/1.1", "useragent":"-", "referer":"-", "responsestatus":"200", "subresponse":"0", "win32status":"0", "sbytes":"799", "cbytes":"0", "timetaken":"3595"}

GROK 模式:

\{"sysdate":"%{GREEDYDATA:sysdate}","site":"%{GREEDYDATA:site}","host":"%{GREEDYDATA:host}", "method":"%{GREEDYDATA:method}", "request":"%{GREEDYDATA:request}", "querystring":"%{GREEDYDATA:querystring}", "port":"%{GREEDYDATA:port}", "username":"%{GREEDYDATA:username}", "cookie":"%{GREEDYDATA:cookie}", "coauthsessionid":"%{GREEDYDATA:coauthsessionid}", "clienthost":"%{GREEDYDATA:clienthost}", "httpversion":"%{GREEDYDATA:httpversion}", "useragent":"%{GREEDYDATA:useragent}", "referer":"%{GREEDYDATA:referer}", "responsestatus":"%{GREEDYDATA:responsestatus}", "subresponse":"%{GREEDYDATA:subresponse}", "win32status":"%{GREEDYDATA:win32status}", "sbytes":"%{GREEDYDATA:sbytes}", "cbytes":"%{GREEDYDATA:cbytes}", "timetaken":"%{GREEDYDATA:timetaken}"\}

输出:

{
  "sysdate": [
    [
      "[08/Jun/2019:00:00:12 -0400]"
    ]
  ],
  "site": [
    [
      "abcd.net"
    ]
  ],
  "host": [
    [
      "hostnam.net"
    ]
  ],
  "method": [
    [
      "POST"
    ]
  ],
  "request": [
    [
      "/services/path"
    ]
  ],
  "querystring": [
    [
      ""
    ]
  ],
  "port": [
    [
      "4123"
    ]
  ],
  "username": [
    [
      "-"
    ]
  ],
  "cookie": [
    [
      "0000k1cgki:1f:1bv8tat"
    ]
  ],
  "coauthsessionid": [
    [
      "-"
    ]
  ],
  "clienthost": [
    [
      "44.25.14.241"
    ]
  ],
  "httpversion": [
    [
      "HTTP/1.1"
    ]
  ],
  "useragent": [
    [
      "-"
    ]
  ],
  "referer": [
    [
      "-"
    ]
  ],
  "responsestatus": [
    [
      "200"
    ]
  ],
  "subresponse": [
    [
      "0"
    ]
  ],
  "win32status": [
    [
      "0"
    ]
  ],
  "sbytes": [
    [
      "799"
    ]
  ],
  "cbytes": [
    [
      "0"
    ]
  ],
  "timetaken": [
    [
      "3595"
    ]
  ]
}

您可以使用this 进行grok 写作。

【讨论】:

  • 我认为这是一个糟糕的解决方案,因为它会在输入的第一次更改时中断。使用 json 过滤器会更好,因为它是有效的 json。
  • @baudsp 你的观点是正确的。但是 OP 已要求给定 json 的 grok 模式。所以我认为这个答案与 OP 的要求相符。您应该在问题评论部分向 OP 提出建议。
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 2020-05-23
  • 1970-01-01
  • 2019-01-21
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode