<pre name="code" class="html">下面是日志的样子

55.3.244.1 GET /index.html 15824 0.043

正则的例子

%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}

配置文件里是怎么写得? 

input {

  file {

    path => “/var/log/http.log”

  }

}

filter {

  grok {

    match => [ "message", "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" ]

  }

}

解析后,是个什么样子? 

client: 55.3.244.1

method: GET

request: /index.html

bytes: 15824

duration: 0.043

/*********1

zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf

input {

  file {

    path => "/var/log/http.log"

  }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

此时的输出

Pipeline main started

{

       "message" => "55.3.244.1 GET /index.html 15824 0.043",

      "@version" => "1",

    "@timestamp" => "2016-08-27T15:03:23.554Z",

          "path" => "/var/log/http.log",

          "host" => "0.0.0.0"

}

/***换成json呢?

zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf

Settings: Default pipeline workers: 1

Pipeline main started

{"message":"55.3.244.1 GET /index.html 15824 0.043","@version":"1","@timestamp":"2016-08-27T15:05:07.945Z","path":"/var/log/http.log","host":"0.0.0.0"}

/***分别发送到elasticsearch看下:

zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf

input {

  file {

    path => "/var/log/http.log"

  }

}

output {

      elasticsearch {

                hosts => "192.168.32.80:9200"

                index => "logstash-zjzc-test"

        }

		stdout {

			codec => rubydebug

		}

        }

输出:

Settings: Default pipeline workers: 1

Pipeline main started

{

       "message" => "55.3.244.1 GET /index.html 15824 0.043",

      "@version" => "1",

    "@timestamp" => "2016-08-27T15:08:00.336Z",

          "path" => "/var/log/http.log",

          "host" => "0.0.0.0"

}

elasticsearch:

{

    "_index": "logstash-zjzc-test",

    "_type": "logs",

    "_id": "AVbMiuMLEY-onx06xWo-",

    "_version": 1,

    "_score": 1,

    "_source": {

        "message": "55.3.244.1 GET /index.html 15824 0.043",

        "@version": "1",

        "@timestamp": "2016-08-27T15:08:00.336Z",

        "path": "/var/log/http.log",

        "host": "0.0.0.0"

    }

}

/*******使用grok 正则解析日志

zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf

input {

  file {

    path => "/var/log/http.log"

  }

}

filter {

  grok {

    match => [ "message", "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" ]

  }

}

output {

      elasticsearch {

                hosts => "192.168.32.80:9200"

                index => "logstash-zjzc-test"

        }

		stdout {

			codec => rubydebug

		}

        }

输出:

zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf

Settings: Default pipeline workers: 1

Pipeline main started

{

       "message" => "55.3.244.1 GET /index.html 15824 0.043",

      "@version" => "1",

    "@timestamp" => "2016-08-27T15:09:59.173Z",

          "path" => "/var/log/http.log",

          "host" => "0.0.0.0",

        "client" => "55.3.244.1",

        "method" => "GET",

       "request" => "/index.html",

         "bytes" => "15824",

      "duration" => "0.043"

}

elasticsearch:

{

    "_index": "logstash-zjzc-test",

    "_type": "logs",

    "_id": "AVbMjLJeEY-onx06xWpC",

    "_version": 1,

    "_score": 1,

    "_source": {

        "message": "55.3.244.1 GET /index.html 15824 0.043",

        "@version": "1",

        "@timestamp": "2016-08-27T15:09:59.173Z",

        "path": "/var/log/http.log",

        "host": "0.0.0.0",

        "client": "55.3.244.1",

        "method": "GET",

        "request": "/index.html",

        "bytes": "15824",

        "duration": "0.043"

    }

}


												


											
grok 正则解析日志例子<1>的更多相关文章
	

    
								
  1. logstash 使用grok正则解析日志
		
    http://xiaorui.cc/2015/01/27/logstash%E4%BD%BF%E7%94%A8grok%E6%AD%A3%E5%88%99%E8%A7%A3%E6%9E%90%E6%9 ...
    
		
    2. 
						
  2. Logstash使用grok插件解析Nginx日志
		
    grok表达式的打印复制格式的完整语法是下面这样的: %{PATTERN_NAME:capture_name:data_type}data_type 目前只支持两个值:int 和 float. 在线g ...
    
		
    3. 
						
  3. 使用logstash的grok插件解析springboot日志
		
    使用logstash的grok插件解析springboot日志 一.背景 二.解决思路 三.前置知识 四.实现步骤 1.准备测试数据 2.编写`grok`表达式 3.编写 logstash pipel ...
    
		
    4. 
						
  4. 使用Hive的正则解析器RegexSerDe分析nginx日志
		
    1.环境: hadoop-2.6.0 + apache-hive-1.2.0-bin 2.使用Hive分析nginx日志,站点的訪问日志部分内容为: cat /home/hadoop/hivetest ...
    
		
    5. 
						
  5. Logstash使用grok过滤nginx日志(二)
		
    在生产环境中,nginx日志格式往往使用的是自定义的格式,我们需要把logstash中的message结构化后再存储,方便kibana的搜索和统计,因此需要对message进行解析. 本文采用grok ...
    
		
    6. 
						
  6. python高效解析日志入库
		
    python脚本解析日志文件入库一般有三个重要的步骤:读文件.解析文件.入库.在这三个方面下功夫,可确保我们获得最优的性能(这里不讨论并发) 1 读文件:一次读一行,磁盘IO太多,效率低下:一次性读如 ...
    
		
    7. 
						
  7. elk系列7之通过grok分析apache日志【转】
		
    preface 说道分析日志,我们知道的采集方式有2种: 通过grok在logstash的filter里面过滤匹配. logstash --> redis --> python(py脚本过 ...
    
		
    8. 
						
  8. C语言解析日志,存储数据到伯克利DB
		
    编译命令 gcc -o dbwriter dbwriter.c -ldb dbwriter.c #include <assert.h> #include <stdlib.h>  ...
    
		
    9. 
						
  9. Grok 正则捕获
		
    Grok 正则捕获: \s+(?<request_time>\d+(?:\.\d+)?)\s+ 回顾下: (?:pattern) 匹 配 pattern 但不获取匹配结果,也就是说这是一个 ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. BZOJ 2876 骑行川藏
			
    http://www.lydsy.com/JudgeOnline/problem.php?id=2876 拉格朗日乘数法:f'+入g'=0,f为函数的导数,g为限制条件的导数. 思路:E=Σki*si ...
    
			
    2. 
						
  2. ArcGis API FOR Silverlight 做了个导航工具~
			
    原文 http://www.cnblogs.com/thinkaspx/archive/2012/08/08/2628214.html 转载请注明文章出处:http://www.cnblogs.com ...
    
			
    3. 
						
  3. 关于VMWARE虚拟机安装GHOST版XP后不能硬盘启动问题
			
    工具: VMware Workstation 9.0 Ghost xp sp3 中英 双语版 现象:建立硬盘分区,设置活动分区...ghost安装顺利,安装完成后不能硬盘启动,如果从硬盘启动则黑屏,出 ...
    
			
    4. 
						
  4. jquery validationEngine的使用
			
    1.引入文件 <script src="/js/jquery-1.4.2.min.js" type="text/javascript"></s ...
    
			
    5. 
						
  5. Android 操作系统的内存回收机制[转]
			
    转自:http://www.ibm.com/developerworks/cn/opensource/os-cn-android-mmry-rcycl/ Android APP 的运行环境 Andro ...
    
			
    6. 
						
  6. POJ 3259 Wormholes( bellmanFord判负环)
			
    Wormholes Time Limit: 2000MS   Memory Limit: 65536K Total Submissions: 36425   Accepted: 13320 Descr ...
    
			
    7. 
						
  7. 【转】android 电容屏(一):电容屏基本原理篇
			
    关键词:android  电容屏 tp  ITO 平台信息:内核:linux2.6/linux3.0系统:android/android4.0 平台:S5PV310(samsung exynos 42 ...
    
			
    8. 
						
  8. hdu 4751 Divide Groups(dfs染色  或  2-sat)
			
    Problem Description   This year is the 60th anniversary of NJUST, and to make the celebration more c ...
    
			
    9. 
						
  9. Hibernate框架(一)——总体介绍
			
    作为SSH三大框架之一的Hibernate,是用来把程序的Dao层和数据库打交道用的,它封装了JDBC的步骤,是我们对数据库的操作更加简单,更加快捷.利用Hibernate框架我们就可以不再编写重复的 ...
    
			
    10. 
						
  10. [python笔记][第二章Python序列-list]
			
    2016/1/27学习内容 第二章 Python序列-list list常用操作 list.append(x) list.extend(L) list.insert(index,x) list.rem ...
    
			
    11.