elasticsearch Logstash配置未编译

yduiuuwa  于 2023-01-20  发布在  ElasticSearch
关注(0)|答案(1)|浏览(169)

我在多个服务器/应用程序上使用filebeat,这些服务器a应用程序都提供给logstash,我想使用一个logstash配置来解析一个特定类型的日志并应用grok模式,同时像往常一样处理其余的日志。

input {
  beats {
    port => 5044
    type => "log"
  }
}
filter {
  if [fields][type] == "transaction_router" {
  }
  grok {
    break_on_match => false
    match => { 
      "message" => "%{DATE_US:date} %{TIME:timestamp},%{LOGLEVEL:loglevel} : %{DATA:component},%{DATA:log_level},\[%{DATA:chainCode}:%{DATA:storeCode}:%{DATA:terminalCode}:%{DATA:sequenceNumber}:%{DATA:userName}:%{DATA:clientTransactionID}]\[src=%{DATA:sourceUrl},fwd="%{DATA:forwardURL}",ses=%{DATA:session},ot=%{DATA:originalTransactionType},tt=%{DATA:currentTransactionType},amt=%{DATA:amount},rsp=%{DATA:hostResponse},card=%{DATA:card}] Response from host %{GREEDYDATA:responseFromHost}" 
    }
  }
}
output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["redacted:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
    user => "redacted"
    password => "redacted"
  }
}

我在kibana grok调试器中测试了这个模式,它在那里工作,所以我不确定出了什么问题,但是这个配置我得到了下面的错误:

[2023-01-12T16:42:42,965][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", \"{\", \"}\" at line 12, column 281 (byte 438) after filter {\n  if [fields][type] == \"transaction_router\"{\n    }\n    grok {\n      break_on_match => false\n      match => { \"message\" => \"%{DATE_US:date} %{TIME:timestamp},%{LOGLEVEL:loglevel} : %{DATA:component},%{DATA:log_level},\\[%{DATA:chainCode}:%{DATA:storeCode}:%{DATA:terminalCode}:%{DATA:sequenceNumber}:%{DATA:userName}:%{DATA:clientTransactionID}]\\[src=%{DATA:sourceUrl},fwd=\"", :backtrace=>["C:/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:187:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in `initialize'", "C:/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in `initialize'", "C:/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "C:/logstash/logstash-core/lib/logstash/agent.rb:391:in `block in converge_state'"]}
elasticsearch

1条答案

按热度按时间
qnakjoqk

qnakjoqk1#

转义特殊字符(如"“、”[“和,”“)时似乎存在一些问题。请尝试以下代码

grok {
  break_on_match => false
  match => { "message" => "%{DATE_US:date} %{TIME:timestamp}\,%{LOGLEVEL:loglevel} \: %{DATA:component}\,%{DATA:log_level}\,\[%{DATA:chainCode}\:%{DATA:storeCode}\:%{DATA:terminalCode}\:%{DATA:sequenceNumber}\:%{DATA:userName}\:%{DATA:clientTransactionID}\]\[src=%{DATA:sourceUrl}\,fwd=\"%{DATA:forwardURL}\"\,ses=%{DATA:session}\,ot=%{DATA:originalTransactionType}\,tt=%{DATA:currentTransactionType}\,amt=%{DATA:amount}\,rsp=%{DATA:hostResponse}\,card=%{DATA:card}\] Response from host %{GREEDYDATA:responseFromHost}" }
  }
赞(0)分享  回复(0)举报  2023-01-20
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com