grok 正则解析日志例子<1>

  1. 下面是日志的样子:
  2. 55.3.244.1 GET /index.html 15824 0.043
  3.  
  4. 正则的例子
  5. %{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}
  6.  
  7. 配置文件里是怎么写的?
  8.  
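  # Read lines from the sample HTTP access log.
  input {
    file {
      # Plain ASCII double quotes: the typographic quotes (“ ”) used in the
      # original listing are not valid string delimiters in a Logstash config.
      path => "/var/log/http.log"
    }
  }

  # Split each log line into named fields with grok.
  filter {
    grok {
      # Captured values are stored as strings; a ":int" / ":float" suffix
      # (e.g. %{NUMBER:bytes:int}) converts them when numeric comparisons
      # or aggregations are needed downstream.
      # Lines that do not match the pattern are tagged "_grokparsefailure"
      # by default rather than dropped, so unparsed input stays visible.
      match => [ "message","%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" ]
    }
  }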
  19.  
  20. 解析后,是个什么样子?
  21.  
  22. client: 55.3.244.1
  23. method: GET
  24. request: /index.html
  25. bytes: 15824
  26. duration: 0.043
  27.  
  28. /*********1
  29.  
  30. zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
  # Source: the sample HTTP access log, read by the file input.
  input {
    file {
      path => ["/var/log/http.log"]
    }
  }

  # No filter section yet: each event is printed unparsed, so the whole
  # log line appears in the "message" field of the rubydebug output.
  output {
    stdout {
      codec => rubydebug
    }
  }
  43. 此时的输出
  44. Pipeline main started
  45. {
  46. "message" => "55.3.244.1 GET /index.html 15824 0.043","@version" => "1","@timestamp" => "2016-08-27T15:03:23.554Z","path" => "/var/log/http.log","host" => "0.0.0.0"
  47. }
  48.  
  49.  
  50. /***换成json呢?
  51.  
  52. zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf
  53. Settings: Default pipeline workers: 1
  54. Pipeline main started
  55. {"message":"55.3.244.1 GET /index.html 15824 0.043","@version":"1","@timestamp":"2016-08-27T15:05:07.945Z","path":"/var/log/http.log","host":"0.0.0.0"}
  56.  
  57.  
  58. /***分别发送到elasticsearch看下:
  59.  
  60.  
  61. zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
  # Source: the sample HTTP access log, read by the file input.
  input {
    file {
      path => ["/var/log/http.log"]
    }
  }

  # Each event goes to both outputs: the Elasticsearch index and the console.
  output {
    elasticsearch {
      # NOTE(review): no user/password or ssl options are set here, so this
      # relies on the Elasticsearch node being reachable only from trusted
      # hosts; confirm before reusing this outside a test setup.
      hosts => ["192.168.32.80:9200"]
      index => "logstash-zjzc-test"
    }
    stdout {
      codec => rubydebug
    }
  }
  78.  
  79. 输出
  80. Settings: Default pipeline workers: 1
  81. Pipeline main started
  82. {
  83. "message" => "55.3.244.1 GET /index.html 15824 0.043","@timestamp" => "2016-08-27T15:08:00.336Z","host" => "0.0.0.0"
  84. }
  85.  
  86. elasticsearch:
  87. {
  88.  
  89. "_index": "logstash-zjzc-test","_type": "logs","_id": "AVbMiuMLEY-onx06xWo-","_version": 1,"_score": 1,"_source": {
  90. "message": "55.3.244.1 GET /index.html 15824 0.043","@version": "1","@timestamp": "2016-08-27T15:08:00.336Z","path": "/var/log/http.log","host": "0.0.0.0"
  91. }
  92.  
  93. }
  94.  
  95.  
  96. /*******使用grok 正则解析日志
  97. zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat log01.conf
  # Source: the sample HTTP access log, read by the file input.
  input {
    file {
      path => ["/var/log/http.log"]
    }
  }

  # Parse the raw line in "message" into client, method, request, bytes
  # and duration fields.
  filter {
    grok {
      # Captures are kept as strings (the output below shows "bytes" => "15824");
      # a ":int" / ":float" suffix on the capture converts them if needed.
      # Lines that fail to match are tagged "_grokparsefailure" by default,
      # which is worth monitoring so malformed input is not silently ignored.
      match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
    }
  }

  # Each parsed event goes to both the Elasticsearch index and the console.
  output {
    elasticsearch {
      # NOTE(review): no user/password or ssl options are set here, so this
      # relies on the Elasticsearch node being reachable only from trusted
      # hosts; confirm before reusing this outside a test setup.
      hosts => ["192.168.32.80:9200"]
      index => "logstash-zjzc-test"
    }
    stdout {
      codec => rubydebug
    }
  }
  119.  
  120.  
  121. 输出:
  122. zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f log01.conf
  123. Settings: Default pipeline workers: 1
  124. Pipeline main started
  125. {
  126. "message" => "55.3.244.1 GET /index.html 15824 0.043","@timestamp" => "2016-08-27T15:09:59.173Z","host" => "0.0.0.0","client" => "55.3.244.1","method" => "GET","request" => "/index.html","bytes" => "15824","duration" => "0.043"
  127. }
  128.  
  129. elasticsearch:
  130. {
  131.  
  132. "_index": "logstash-zjzc-test","_id": "AVbMjLJeEY-onx06xWpC","@timestamp": "2016-08-27T15:09:59.173Z","host": "0.0.0.0","client": "55.3.244.1","method": "GET","request": "/index.html","bytes": "15824","duration": "0.043"
  133. }
  134.  
  135. }
