some questions about the use of parse_grok #20355
Unanswered
yanming-zhang
asked this question in
Q&A
Replies: 2 comments
-
|
please help me look at this issue |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A note for the community
I use vector consume from kafka, then parse log format by parse_grok, but it can not work
such as my example log, regex pattern infomation:
example log
[2024-04-22 14:43:43.385] [ INFO] [hs-msc-proxy,TID:ace6121994f8449ebc7965a8f2815ff4.121.17137682228980013,,] [1] [ XNIO-1 task-12] [c.r.m.p.channel.service.HsYCardService.batchYiDCardQuery(90)] : [batchYiDCardQuery]获取签名Sign:kGA0xSObIDNvlMElsopm1KJ43JSfiDCGFVj3ctz5yIkIHWT6GdIX3cx1q/fBS2jSdCe02eEOScTjRM5CSIVCAT3gdE5J8Nm76ANQPaQefUd9A+XB3UBoN3AboZCaI4V/X0ljjuVB14K1JfCh6QV7gWmwPe+/mvSlCSbF/WCsMeM=
regex pattern
^[%{TIMESTAMP_ISO8601:logtime}]\s*[\s*%{LOGLEVEL:loglevel}]\s*[%{USERNAME:appname},(?[a-zA-Z0-9.:/]+)?,(?[a-zA-Z0-9.:]+)?,(?\w+)?]\s*[%{INT:pid}]\s*[\s*(?[a-zA-Z0-9_. -]+)]\s*%{NOTSPACE:logger}\s*:(?.*)
above regex pattern refer logstash
Beta Was this translation helpful? Give feedback.
All reactions