logstash multiline 过滤 mysql slowlog 和java log
在logstash的输出中,每行开头都会加上timestamp 因此,对于mysql slowlog和java log多行输出格式,就显得画蛇添足了;不过,logstash提供了multiline 功能
filter {
# 如果是以# Time开头的就开始新一行
if == 'slowlog' {
multiline {
what => next
pattern => "^# Time:"
# 如果是# +@开头的合并到上一行 }
multiline {
what => previous
negate => true
pattern => "^# +@"
}
}
# match java log
if == 'java' {
multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
楼主请教下,我在filter 里面写 multiline,报错:
Couldn't find any filter plugin named 'multiline'. Are you sure this is correct?
你知道是什么原因吗? 请问pattern => "^atabcd"at 后面有空格,这种怎么写呢? 请问pattern => "^atabcd"at 后面有空格,这种怎么写呢?
页:
[1]