filter-grok-match下的message遍历匹配直到命中或没有为止
可以匹配path截取,break_on_match用于多种匹配规则,比如下面有两个match希望都匹配
match => [
"message", "(?m)%{TIMESTAMP_ISO8601:datetime}\s+%{LOGLEVEL:loglevel}\s+%{SYSLOG5424SD:logger}\s%{NOTSPACE:thread}:\s%{GREEDYDATA:msg}",
"message", "(?m)%{TIMESTAMP_ISO8601:datetime}\s+%{LOGLEVEL:loglevel}\s+(?<location>(.*))\s-\s%{GREEDYDATA:msg}"
]
match => [
"path","\S+?-\S+?-%{WORD:source}\S+?\.log"
]
break_on_match => false
网友评论