<pre name="code" class="html">下面是日志的样子
55.3.244.1 GET /index.html 15824 0.043 正则的例子
%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration} 配置文件里是怎么写得? input {
file {
path => “/var/log/http.log”
}
}
filter {
grok {
match => [ "message", "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" ]
}
} 解析后,是个什么样子? client: 55.3.244.1
method: GET
request: /index.html
bytes: 15824
duration: 0.043 /*********1 zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
input {
file {
path => "/var/log/http.log"
}
} output {
stdout {
codec=>rubydebug{}
}
}
此时的输出
Pipeline main started
{
"message" => "55.3.244.1 GET /index.html 15824 0.043",
"@version" => "1",
"@timestamp" => "2016-08-27T15:03:23.554Z",
"path" => "/var/log/http.log",
"host" => "0.0.0.0"
} /***换成json呢? zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf
Settings: Default pipeline workers: 1
Pipeline main started
{"message":"55.3.244.1 GET /index.html 15824 0.043","@version":"1","@timestamp":"2016-08-27T15:05:07.945Z","path":"/var/log/http.log","host":"0.0.0.0"} /***分别发送到elasticsearch看下: zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
input {
file {
path => "/var/log/http.log"
}
} output {
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-zjzc-test"
}
stdout {
codec => rubydebug
}
} 输出:
Settings: Default pipeline workers: 1
Pipeline main started
{
"message" => "55.3.244.1 GET /index.html 15824 0.043",
"@version" => "1",
"@timestamp" => "2016-08-27T15:08:00.336Z",
"path" => "/var/log/http.log",
"host" => "0.0.0.0"
} elasticsearch:
{ "_index": "logstash-zjzc-test",
"_type": "logs",
"_id": "AVbMiuMLEY-onx06xWo-",
"_version": 1,
"_score": 1,
"_source": {
"message": "55.3.244.1 GET /index.html 15824 0.043",
"@version": "1",
"@timestamp": "2016-08-27T15:08:00.336Z",
"path": "/var/log/http.log",
"host": "0.0.0.0"
} } /*******使用grok 正则解析日志
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
input {
file {
path => "/var/log/http.log"
}
}
filter {
grok {
match => [ "message", "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" ]
}
} output {
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-zjzc-test"
}
stdout {
codec => rubydebug
}
} 输出:
zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf
Settings: Default pipeline workers: 1
Pipeline main started
{
"message" => "55.3.244.1 GET /index.html 15824 0.043",
"@version" => "1",
"@timestamp" => "2016-08-27T15:09:59.173Z",
"path" => "/var/log/http.log",
"host" => "0.0.0.0",
"client" => "55.3.244.1",
"method" => "GET",
"request" => "/index.html",
"bytes" => "15824",
"duration" => "0.043"
} elasticsearch:
{ "_index": "logstash-zjzc-test",
"_type": "logs",
"_id": "AVbMjLJeEY-onx06xWpC",
"_version": 1,
"_score": 1,
"_source": {
"message": "55.3.244.1 GET /index.html 15824 0.043",
"@version": "1",
"@timestamp": "2016-08-27T15:09:59.173Z",
"path": "/var/log/http.log",
"host": "0.0.0.0",
"client": "55.3.244.1",
"method": "GET",
"request": "/index.html",
"bytes": "15824",
"duration": "0.043"
} }

												

grok 正则解析日志例子<1>的更多相关文章

  1. logstash 使用grok正则解析日志

    http://xiaorui.cc/2015/01/27/logstash%E4%BD%BF%E7%94%A8grok%E6%AD%A3%E5%88%99%E8%A7%A3%E6%9E%90%E6%9 ...

  2. Logstash使用grok插件解析Nginx日志

    grok表达式的打印复制格式的完整语法是下面这样的: %{PATTERN_NAME:capture_name:data_type}data_type 目前只支持两个值:int 和 float. 在线g ...

  3. 使用logstash的grok插件解析springboot日志

    使用logstash的grok插件解析springboot日志 一.背景 二.解决思路 三.前置知识 四.实现步骤 1.准备测试数据 2.编写`grok`表达式 3.编写 logstash pipel ...

  4. 使用Hive的正则解析器RegexSerDe分析nginx日志

    1.环境: hadoop-2.6.0 + apache-hive-1.2.0-bin 2.使用Hive分析nginx日志,站点的訪问日志部分内容为: cat /home/hadoop/hivetest ...

  5. Logstash使用grok过滤nginx日志(二)

    在生产环境中,nginx日志格式往往使用的是自定义的格式,我们需要把logstash中的message结构化后再存储,方便kibana的搜索和统计,因此需要对message进行解析. 本文采用grok ...

  6. python高效解析日志入库

    python脚本解析日志文件入库一般有三个重要的步骤:读文件.解析文件.入库.在这三个方面下功夫,可确保我们获得最优的性能(这里不讨论并发) 1 读文件:一次读一行,磁盘IO太多,效率低下:一次性读如 ...

  7. elk系列7之通过grok分析apache日志【转】

    preface 说道分析日志,我们知道的采集方式有2种: 通过grok在logstash的filter里面过滤匹配. logstash --> redis --> python(py脚本过 ...

  8. C语言解析日志,存储数据到伯克利DB

    编译命令 gcc -o dbwriter dbwriter.c -ldb dbwriter.c #include <assert.h> #include <stdlib.h> ...

  9. Grok 正则捕获

    Grok 正则捕获: \s+(?<request_time>\d+(?:\.\d+)?)\s+ 回顾下: (?:pattern) 匹 配 pattern 但不获取匹配结果,也就是说这是一个 ...

随机推荐

  1. Linux下的摄影后期处理软件

    由于喜欢摄影,在LInux上折腾,想找一款能代替lightroom的软件.发现darktable这款软件专业.于是就安装了. 以下是在Linux上安装darktable的instruction,需要添 ...

  2. Android ListView实现圆角

    首先呢,我们还是看几个示图: 这种带有圆角的listview' 看起来很棒吧,确实是这样,其实也不能这么说,主要方形太多了,斯通见惯就不值钱了,“物以稀为贵嘛”. 就好比学java都搞androd,很 ...

  3. Linux dirname、basename(转)

    首先使用 --help 参数查看一下.basename命令参数很少,很容易掌握. $ basename --help 用法示例: $ basename /usr/bin/sort       输出&q ...

  4. jprofiler安装和配置

    转:http://www.cnblogs.com/adolfmc/archive/2013/06/09/3129358.html 注意:安装前先用rpm -q jprofiler查询linux上是否已 ...

  5. C#向文件写、读数据

    using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.T ...

  6. HMM的学习笔记1:前向算法

    HMM的学习笔记 HMM是关于时序的概率模型.描写叙述由一个隐藏的马尔科夫链随机生成不可观測的状态随机序列,再由各个状态生成不可观測的状态随机序列,再由各个状态生成一个观測而产生观測的随机过程. HM ...

  7. 不定义JQuery插件,不要说会JQuery[转载]

    http://www.cnblogs.com/xcj26/p/3345556.html 不定义JQuery插件,不要说会JQuery 一:导言 有些WEB开发者,会引用一个JQuery类库,然后在网页 ...

  8. linux/module.h: No such file or directory 内核模块编译过程

    1.缺少Linux kernel头文件 To install just the headers in Ubuntu: sudo apt-get install linux-headers-$(unam ...

  9. android中跨进程通讯的4种方式

    转自:http://blog.csdn.net/lyf_007217/article/details/8542359 帖子写的很好.看来一遍,试了一遍,感觉太有意义.必须转过来! android中跨进 ...

  10. JQ 模仿注册时等待的时间

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...