24.graylog日志分流

发表于 linux 分类,标签:
08 07月 2022
0

1.在system中grok patterns新增

BE_logs_message

%{GREEDYDATA}ip=%{IPV4: ip}%{SPACE}biz_id=%{GREEDYDATA: biz_id}%{SPACE}ts=%{GREEDYDATA: real_time}%{SPACE}req_id=%{GREEDYDATA:req_id}%{SPACE}msg:%{GREEDYDATA}%{GREEDYDATA}

2.Extractors of BE-logs

{
  "extractors": [
    {
      "title": "runtime",
      "extractor_type": "regex",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "runtime",
      "extractor_config": {
        "regex_value": "(?i)([0-9].[0-9]+(?=[^0-9]*$))"
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "BE-logs-message",
      "extractor_type": "grok",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "",
      "extractor_config": {
        "grok_pattern": "%{BE_logs_message}",
        "named_captures_only": true
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "BE-logs-real_time",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "date",
          "config": {
            "date_format": "yyyy-MM-dd HH:mm:ss",
            "time_zone": "Asia/Shanghai",
            "locale": "zh-CN"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "cut",
      "source_field": "real_time",
      "target_field": "real_time",
      "extractor_config": {
        "regex_value": "^(.*)$"
      },
      "condition_type": "none",
      "condition_value": ""
    }
  ],
  "version": "3.2.6"
}

3.Extractors of test-BE-logs

{
  "extractors": [
    {
      "title": "test-BE-logs-message",
      "extractor_type": "grok",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "",
      "extractor_config": {
        "grok_pattern": "%{BE_logs_message}",
        "named_captures_only": true
      },
      "condition_type": "none",
      "condition_value": ""
    },
    {
      "title": "test-BE-logs-real_time",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "date",
          "config": {
            "date_format": "yyyy-MM-dd HH:mm:ss",
            "time_zone": "Asia/Shanghai",
            "locale": "zh"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "cut",
      "source_field": "real_time",
      "target_field": "real_time",
      "extractor_config": {
        "regex_value": "^(.*)$"
      },
      "condition_type": "none",
      "condition_value": ""
    }
  ],
  "version": "3.2.6"
}


0 篇评论

发表我的评论