语法清单logstash的神交

问题描述 投票:14回答:4

用于神交图案的语法%{语法:语义}。如何生成所有可用的语法关键字的列表?我知道,我可以使用神交调试器从文本发现模式。但有,我可以通过扫描一个列表?

logstash logstash-grok
4个回答
23
投票

他们在GIT和地方的分配包括在内。但它可能只是最简单的在线观看:

https://github.com/elasticsearch/logstash/blob/v1.4.0/patterns/grok-patterns


2
投票

该神交模式的文件现在在logstash-patterns-core库。假设你有它在你的文件系统的目录logstash-patterns-core克隆,你可以像这样的列出所有语法关键字发出命令:

$ find ./logstash-patterns-core/patterns -type f -exec awk '{print $1}' {} \; | grep "^[^#\ ]" | sort

由于犯6655856的,命令的输出(又名语法关键字的列表)看起来像这样(但请记住,这个名单不是一成不变的):

BACULA_CAPACITY
BACULA_DEVICE
BACULA_DEVICEPATH
BACULA_HOST
BACULA_JOB
BACULA_LOG_ALL_RECORDS_PRUNED
BACULA_LOG_BEGIN_PRUNE_FILES
BACULA_LOG_BEGIN_PRUNE_JOBS
BACULA_LOG_CANCELLING
BACULA_LOG_CLIENT_RBJ
BACULA_LOG_DIFF_FS
BACULA_LOG_DUPLICATE
BACULA_LOG_ENDPRUNE
BACULA_LOG_END_VOLUME
BACULA_LOG_FATAL_CONN
BACULA_LOG_JOB
BACULA_LOG_JOBEND
BACULA_LOGLINE
BACULA_LOG_MARKCANCEL
BACULA_LOG_MAX_CAPACITY
BACULA_LOG_MAXSTART
BACULA_LOG_NEW_LABEL
BACULA_LOG_NEW_MOUNT
BACULA_LOG_NEW_VOLUME
BACULA_LOG_NO_AUTH
BACULA_LOG_NO_CONNECT
BACULA_LOG_NOJOBS
BACULA_LOG_NOJOBSTAT
BACULA_LOG_NOOPEN
BACULA_LOG_NOOPENDIR
BACULA_LOG_NOPRIOR
BACULA_LOG_NOPRUNE_FILES
BACULA_LOG_NOPRUNE_JOBS
BACULA_LOG_NOSTAT
BACULA_LOG_NOSUIT
BACULA_LOG_PRUNED_FILES
BACULA_LOG_PRUNED_JOBS
BACULA_LOG_READYAPPEND
BACULA_LOG_STARTJOB
BACULA_LOG_STARTRESTORE
BACULA_LOG_USEDEVICE
BACULA_LOG_VOLUME_PREVWRITTEN
BACULA_LOG_VSS
BACULA_LOG_WROTE_LABEL
BACULA_TIMESTAMP
BACULA_VERSION
BACULA_VOLUME
BASE10NUM
BASE16FLOAT
BASE16NUM
BIND9
BIND9_TIMESTAMP
BRO_CONN
BRO_DNS
BRO_FILES
BRO_HTTP
CATALINA_DATESTAMP
CATALINALOG
CISCO_ACTION
CISCO_DIRECTION
CISCOFW104001
CISCOFW104002
CISCOFW104003
CISCOFW104004
CISCOFW105003
CISCOFW105004
CISCOFW105005
CISCOFW105008
CISCOFW105009
CISCOFW106001
CISCOFW106006_106007_106010
CISCOFW106014
CISCOFW106015
CISCOFW106021
CISCOFW106023
CISCOFW106100
CISCOFW106100_2_3
CISCOFW110002
CISCOFW302010
CISCOFW302013_302014_302015_302016
CISCOFW302020_302021
CISCOFW304001
CISCOFW305011
CISCOFW313001_313004_313008
CISCOFW313005
CISCOFW321001
CISCOFW402117
CISCOFW402119
CISCOFW419001
CISCOFW419002
CISCOFW500004
CISCOFW602303_602304
CISCOFW710001_710002_710003_710005_710006
CISCOFW713172
CISCOFW733100
CISCO_INTERVAL
CISCOMAC
CISCO_REASON
CISCOTAG
CISCO_TAGGED_SYSLOG
CISCOTIMESTAMP
CISCO_XLATE_TYPE
CLOUDFRONT_ACCESS_LOG
COMBINEDAPACHELOG
COMMONAPACHELOG
COMMONMAC
CRON_ACTION
CRONLOG
DATA
DATE
DATE_EU
DATESTAMP
DATESTAMP_EVENTLOG
DATESTAMP_OTHER
DATESTAMP_RFC2822
DATESTAMP_RFC822
DATE_US
DAY
ELB_ACCESS_LOG
ELB_REQUEST_LINE
ELB_URI
ELB_URIPATHPARAM
EMAILADDRESS
EMAILLOCALPART
EXIM_DATE
EXIM_EXCLUDE_TERMS
EXIM_FLAGS
EXIM_HEADER_ID
EXIM_INTERFACE
EXIM_MSGID
EXIM_MSG_SIZE
EXIM_PID
EXIM_PROTOCOL
EXIM_QT
EXIM_REMOTE_HOST
EXIM_SUBJECT
GREEDYDATA
HAPROXYCAPTUREDREQUESTHEADERS
HAPROXYCAPTUREDRESPONSEHEADERS
HAPROXYDATE
HAPROXYHTTP
HAPROXYHTTPBASE
HAPROXYTCP
HAPROXYTIME
HOSTNAME
HOSTPORT
HOUR
HTTPD20_ERRORLOG
HTTPD24_ERRORLOG
HTTPDATE
HTTPD_COMBINEDLOG
HTTPD_COMMONLOG
HTTPDERROR_DATE
HTTPD_ERRORLOG
HTTPDUSER
INT
IP
IPORHOST
IPV4
IPV6
ISO8601_SECOND
ISO8601_TIMEZONE
JAVACLASS
JAVACLASS
JAVAFILE
JAVAFILE
JAVALOGMESSAGE
JAVAMETHOD
JAVASTACKTRACEPART
JAVATHREAD
LOGLEVEL
MAC
MAVEN_VERSION
MCOLLECTIVE
MCOLLECTIVEAUDIT
MCOLLECTIVEAUDIT
MINUTE
MONGO3_COMPONENT
MONGO3_LOG
MONGO3_SEVERITY
MONGO_LOG
MONGO_QUERY
MONGO_SLOWQUERY
MONGO_WORDDASH
MONTH
MONTHDAY
MONTHNUM
MONTHNUM2
NAGIOS_CURRENT_HOST_STATE
NAGIOS_CURRENT_SERVICE_STATE
NAGIOS_EC_DISABLE_HOST_CHECK
NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_DISABLE_SVC_CHECK
NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_CHECK
NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_SVC_CHECK
NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_CHECK
NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_SVC_CHECK
NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_CHECK
NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_SVC_CHECK
NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME
NAGIOS_HOST_ALERT
NAGIOS_HOST_DOWNTIME_ALERT
NAGIOS_HOST_EVENT_HANDLER
NAGIOS_HOST_FLAPPING_ALERT
NAGIOS_HOST_NOTIFICATION
NAGIOSLOGLINE
NAGIOS_PASSIVE_HOST_CHECK
NAGIOS_PASSIVE_SERVICE_CHECK
NAGIOS_SERVICE_ALERT
NAGIOS_SERVICE_DOWNTIME_ALERT
NAGIOS_SERVICE_EVENT_HANDLER
NAGIOS_SERVICE_FLAPPING_ALERT
NAGIOS_SERVICE_NOTIFICATION
NAGIOSTIME
NAGIOS_TIMEPERIOD_TRANSITION
NAGIOS_TYPE_CURRENT_HOST_STATE
NAGIOS_TYPE_CURRENT_SERVICE_STATE
NAGIOS_TYPE_EXTERNAL_COMMAND
NAGIOS_TYPE_HOST_ALERT
NAGIOS_TYPE_HOST_DOWNTIME_ALERT
NAGIOS_TYPE_HOST_EVENT_HANDLER
NAGIOS_TYPE_HOST_FLAPPING_ALERT
NAGIOS_TYPE_HOST_NOTIFICATION
NAGIOS_TYPE_PASSIVE_HOST_CHECK
NAGIOS_TYPE_PASSIVE_SERVICE_CHECK
NAGIOS_TYPE_SERVICE_ALERT
NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT
NAGIOS_TYPE_SERVICE_EVENT_HANDLER
NAGIOS_TYPE_SERVICE_FLAPPING_ALERT
NAGIOS_TYPE_SERVICE_NOTIFICATION
NAGIOS_TYPE_TIMEPERIOD_TRANSITION
NAGIOS_WARNING
NETSCREENSESSIONLOG
NONNEGINT
NOTSPACE
NUMBER
PATH
POSINT
POSTGRESQL
PROG
QS
QUOTEDSTRING
RAILS3
RAILS3FOOT
RAILS3HEAD
RAILS3PROFILE
RCONTROLLER
REDISLOG
REDISMONLOG
REDISTIMESTAMP
RPROCESSING
RT_FLOW1
RT_FLOW2
RT_FLOW3
RT_FLOW_EVENT
RUBY_LOGGER
RUBY_LOGLEVEL
RUUID
S3_ACCESS_LOG
S3_REQUEST_LINE
SECOND
SFW2
SHOREWALL
SPACE
SQUID3
SYSLOG5424BASE
SYSLOG5424LINE
SYSLOG5424PRI
SYSLOG5424PRINTASCII
SYSLOG5424SD
SYSLOGBASE
SYSLOGBASE2
SYSLOGFACILITY
SYSLOGHOST
SYSLOGLINE
SYSLOGPAMSESSION
SYSLOGPROG
SYSLOGTIMESTAMP
TIME
TIMESTAMP_ISO8601
TOMCAT_DATESTAMP
TOMCATLOG
TTY
TZ
UNIXPATH
URI
URIHOST
URIPARAM
URIPATH
URIPATHPARAM
URIPROTO
URN
USER
USERNAME
UUID
WINDOWSMAC
WINPATH
WORD
YEAR

1
投票

如果您已经安装Logstash作为一个包,他们可以在/选择/ logstash /模式/神交图案被发现。


1
投票

您可以查看使用以下命令:

# find / -name patterns

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/lib/logstash/patterns

只需浏览到该目录

# cd  /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns

在这里,你有模式的完整列表

aws                   exim                  haproxy            
linux-syslog          mongodb               rails
bacula                firewalls             java                  mcollective           nagios                redis
bro                   grok-patterns         junos                 mcollective-patterns  postgresql            ruby
© www.soinside.com 2019 - 2024. All rights reserved.