嗨,我得到以下错误:
"tags" => [[0] "beats_input_codec_plain_applied",[1] "_grokparsefailure"]
我的logstash-sample.conf如下
input {beats {port => "5044"}}filter {grok {match => ["message","HTTPD20_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{LOGLEVEL:loglevel}\] (?:\[client %{IPORHOST:clientip}\] )$}}output {stdout { codec => rubydebug }}
有人能帮我一下吗?我在这里干什么?也在模式中{loglevel:loglevel}](?:[客户%{iporhost:clientip}我需要指定loglevel和clientip吗?
我的日志示例:
2020-10-09 14:24:33,489 [Thread1] INFO ReceiverLogging- Connecting2020-10-09 14:24:34,166 [Thread1] INFO ReceiverLogging- Connected...2020-10-09 14:24:34,166 [Thread1] INFO ReceiverLogging- Getting folder...2020-10-09 14:24:34,167 [Thread1] INFO ReceiverLogging- Got folder2020-10-09 14:24:34,167 [Thread1] INFO ReceiverLogging- Opening folder2020-10-09 14:24:34,237 [Thread1] INFO ReceiverLogging- getting folder2020-10-09 14:24:34,247 [Thread-6] ERROR CheckLog Error While Connecting to Websocketjavax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failedat org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:392)at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:150)at global.services.WebSocketClient.<init>(WebSocketClient.java:33)at global.services.WebSocketClient.getInstance(WebSocketClient.java:51)at global.services.SchedulerThread.run(SchedulerThread.java:63)Caused by: java.util.concurrent.TimeoutExceptionat sun.nio.ch.PendingFuture.get(PendingFuture.java:197)at org.apache.tomcat.websocket.WsWebSocketContainer.processResponse(WsWebSocketContainer.java:674)at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:340)... 4 more2020-10-09 14:24:34,248 [Thread-6] ERROR Exception- Error While Connecting to Websocket
请帮忙
1条答案
按热度按时间ruarlubt1#
首先,我建议大家学习一下grok的一些基本知识以及它是如何工作的。在答案末尾添加一些有用的资源。
日志中的当前模式类似于timestamp classname loglevel logmessage
对于下面问题中的日志示例,它是一个示例管道,但不确定是否需要多行来捕获堆栈跟踪。在这种情况下,可以扩展以下内容。
输出事件如下所示
初学者指南
grok调试器
基本格洛克模式