Logstash grok parser not working for error logs

Question description Votes: 0 Answers: 1

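I am trying to parse error logs with Logstash to capture some fields, especially errormessage. But I am unable to capture the errormessage in Logstash. Below are the actual error message and the parser I wrote.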

    12345 http://google.com 2017-04-17 09:02:43.065 ERROR 10479 --- [http-nio-8052-exec-2] com.utilities.TokenUtils     : Error

    org.xml.SAXParseException: An invalid XML character (Unicode: 0xe) was found in the value of attribute "ID" and element is "saml".
        at org.apache.parsers.DOMParser.parse(Unknown Source)
        at org.apache.jaxp.DocumentBuilderImpl.parse(Unknown Source)
        at javax.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
        at com.utilities.TokenUtils.validateSignature(TokenUtils.java:99)

Parser:

`%{NOTSPACE:stnum}\s*%{NOTSPACE:requestURL}\s*%{TIMESTAMP_ISO8601:log_timestamp}\s*%{LOGLEVEL:loglevel}\s*%{NUMBER:pid}\s*---\s*\[(?<thread>[A-Za-z0-9-]+)\]\s*%{DATA:class}\s*:\s%{NOTSPACE:level}\s*(?<errormessage>.[^\n]*).[^\n]*`

I am trying to capture this information from the log:

org.xml.SAXParseException: An invalid XML character (Unicode: 0xe) was found in the value of attribute "ID" and element is "saml".
elasticsearch logstash kibana logstash-grok
1 Answer
1
Votes

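Which Logstash parser are you using? Please also provide the conf file; it can give us more information. Below is a sample that parses the exception type from the log (using the grok filter).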

    filter {
      grok {
        match => ["message", "%{DATA:errormessage} %{GREEDYDATA:EXTRA}"]
      }
    }
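
An added example, not part of the original question or answer: this Ruby sketch expands the two grok patterns on this page into plain regexes and runs them against the question's log. NOTSPACE, DATA and GREEDYDATA are as stock grok defines them; NUMBER, LOGLEVEL and TIMESTAMP_ISO8601 are simplified stand-ins, `grok_match` is a hypothetical helper, and the event is assumed to reach the filter either as the header line alone or as one merged multi-line event, which is what the requested conf file would show.

```ruby
# Added example: simplified stand-ins for the grok patterns used on this page.
# NOTSPACE, DATA and GREEDYDATA match the stock definitions; the others are
# reduced approximations (assumption), enough for the sample log only.
GROK = {
  'NOTSPACE'          => '\S+',
  'DATA'              => '.*?',
  'GREEDYDATA'        => '.*',
  'NUMBER'            => '\d+',
  'LOGLEVEL'          => '(?:ERROR|WARN|INFO|DEBUG|TRACE)',
  'TIMESTAMP_ISO8601' => '\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?'
}.freeze

# Expand %{NAME:field} into a named capture group and compile it.
def grok_compile(pattern)
  Regexp.new(pattern.gsub(/%\{(\w+):(\w+)\}/) { "(?<#{$2}>#{GROK.fetch($1)})" })
end

# Return the captured fields as a hash, or nil when the pattern does not match.
def grok_match(pattern, message)
  grok_compile(pattern).match(message)&.named_captures
end

QUESTION_PATTERN = '%{NOTSPACE:stnum}\s*%{NOTSPACE:requestURL}\s*' \
  '%{TIMESTAMP_ISO8601:log_timestamp}\s*%{LOGLEVEL:loglevel}\s*%{NUMBER:pid}\s*---\s*' \
  '\[(?<thread>[A-Za-z0-9-]+)\]\s*%{DATA:class}\s*:\s%{NOTSPACE:level}\s*' \
  '(?<errormessage>.[^\n]*).[^\n]*'
ANSWER_PATTERN = '%{DATA:errormessage} %{GREEDYDATA:EXTRA}'

# Sample event copied from the question's log.
HEADER = '12345 http://google.com 2017-04-17 09:02:43.065 ERROR 10479 --- ' \
         '[http-nio-8052-exec-2] com.utilities.TokenUtils     : Error'
EXCEPTION = 'org.xml.SAXParseException: An invalid XML character (Unicode: 0xe) ' \
            'was found in the value of attribute "ID" and element is "saml".'
MERGED = [HEADER, '', EXCEPTION,
          '    at org.apache.parsers.DOMParser.parse(Unknown Source)'].join("\n")

if __FILE__ == $PROGRAM_NAME
  puts "header line only : #{grok_match(QUESTION_PATTERN, HEADER)['errormessage'].inspect}"
  puts "merged event     : #{grok_match(QUESTION_PATTERN, MERGED)['errormessage'].inspect}"
  puts "answer's pattern : #{grok_match(ANSWER_PATTERN, EXCEPTION)['errormessage'].inspect}"
end
```

With the header line alone the question's pattern still matches by backtracking, leaving `errormessage` as `"o"`; on the merged event it captures the exception line minus its final period, because the trailing `.[^\n]*` must consume at least one character. The answer's pattern, applied to the exception line, stops at the first space and yields only the exception type.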