How to write a grok pattern for this log



Log:

[2021-01-27T11:51:18,838][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"C:\Pippo\logstash-7.6.1\data\dead_letter_queue"}

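I suggest you use the grokdebug online tool; it is very useful for this kind of use case. Here is a first grok expression that matches the required items of the data line: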

\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:level} \]\[%{GREEDYDATA:class}\] %{GREEDYDATA:action} \{:setting=>"%{GREEDYDATA:setting}", :path=>"%{PATH:path}"\}

This expression is a starting point for your use case. The result of this grok expression is:

{
  "timestamp": [
    [
      "2021-01-27T11:51:18,838"
    ]
  ],
  "YEAR": [
    [
      "2021"
    ]
  ],
  "MONTHNUM": [
    [
      "01"
    ]
  ],
  "MONTHDAY": [
    [
      "27"
    ]
  ],
  "HOUR": [
    [
      "11",
      null
    ]
  ],
  "MINUTE": [
    [
      "51",
      null
    ]
  ],
  "SECOND": [
    [
      "18,838"
    ]
  ],
  "ISO8601_TIMEZONE": [
    [
      null
    ]
  ],
  "level": [
    [
      "INFO"
    ]
  ],
  "class": [
    [
      "logstash.setting.writabledirectory"
    ]
  ],
  "action": [
    [
      "Creating directory"
    ]
  ],
  "setting": [
    [
      "path.dead_letter_queue"
    ]
  ],
  "path": [
    [
      "C:\Pippo\logstash-7.6.1\data\dead_letter_queue"
    ]
  ],
  "UNIXPATH": [
    [
      null
    ]
  ],
  "WINPATH": [
    [
      "C:\Pippo\logstash-7.6.1\data\dead_letter_queue"
    ]
  ]
}
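
Added example (not part of the original answer): a small Python stand-in for grok that expands each `%{NAME:field}` into a named group, runs the answer's expression (with its literal brackets and braces escaped) over the question's log line, and compares it with a tightened variant on a constructed line whose message contains `] `. The pattern definitions are simplified assumptions, not the ones shipped with Logstash; `TIGHT_EXPR` and `TRICKY` are hypothetical.

```python
import re

# Simplified stand-ins for the Logstash core patterns (assumption: close enough
# for these lines, not the definitions shipped with Logstash).
PATTERNS = {
    "TIMESTAMP_ISO8601": r'\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?',
    "LOGLEVEL": r'(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)',
    "GREEDYDATA": r'.*',
    "NOTSPACE": r'\S+',
    "PATH": r'(?:[A-Za-z]:\\[^"]*|/[^"\s]*)',
}
GROK_REF = re.compile(r'%\{(\w+):(\w+)\}')

def grok_match(expr, line):
    """Expand each %{NAME:field} into a named group and match the line."""
    regex = GROK_REF.sub(lambda m: f"(?P<{m.group(2)}>{PATTERNS[m.group(1)]})", expr)
    m = re.search(regex, line)
    return m.groupdict() if m else None

# The answer's expression with the literal [ ] { } escaped.
PAGE_EXPR = (r'\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:level} \]'
             r'\[%{GREEDYDATA:class}\] %{GREEDYDATA:action} '
             r'\{:setting=>"%{GREEDYDATA:setting}", :path=>"%{PATH:path}"\}')
# Tightened variant (hypothetical): anchored, NOTSPACE for class and setting.
TIGHT_EXPR = (r'^\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:level}\s*\]'
              r'\[%{NOTSPACE:class}\] %{GREEDYDATA:action} '
              r'\{:setting=>"%{NOTSPACE:setting}", :path=>"%{PATH:path}"\}$')

# The log line from the question.
SAMPLE = (r'[2021-01-27T11:51:18,838][INFO ][logstash.setting.writabledirectory] '
          r'Creating directory {:setting=>"path.dead_letter_queue", '
          r':path=>"C:\Pippo\logstash-7.6.1\data\dead_letter_queue"}')
# Constructed line whose message itself contains "] ".
TRICKY = (r'[2021-01-27T11:51:19,002][WARN ][logstash.runner] Loaded [a] b '
          r'{:setting=>"x.y", :path=>"C:\tmp\q"}')

if __name__ == "__main__":
    for name, expr in (("page", PAGE_EXPR), ("tight", TIGHT_EXPR)):
        for line in (SAMPLE, TRICKY):
            fields = grok_match(expr, line)
            print(name, "->", fields["class"], "|", fields["action"])
```

On the constructed line the greedy `class` capture swallows part of the message, while the `NOTSPACE` variant keeps the field boundaries and returns no match at all for lines that do not fit the format.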
