Logstash pattern 例子,就以Websphere为例:
e.g.
LEVEL (\w)
LOG1 (%{GREEDYDATA:envname}(\s+)=(\s+)%{PATH:envpath})
LOG2 (Java version = %{GREEDYDATA:javaversion}, Java Compiler = %{GREEDYDATA:javacompiler}, Java VM name = %{GREEDYDATA:javavm})
LOG3 (\[%{DATESTAMP:datetime}(\s+)%{TZ}\](\s+)%{INT}(\s+)%{WORD:category}(\s+)(%{LEVEL:level})(\s+)%{GREEDYDATA:detail})
WEBS_LOGLINE_ALL (%{LOG1}|%{LOG2}|%{LOG3})
\w - 一个单词
%{GREEDYDATA:envname} - 调用Grok库里的%{GREEDYDATA},match任何字符;重命名为envname
\s+ - \s表空格,+表1个或无穷多个
%{PATH:envpath} - 调用Grok库里的%{PATH},match Unix或Windows路径;重命名为envpath
| - 表‘或’的关系
测试Log:
was.install.root = /opt/IBM/WebSphere/AppServer
Java version = 1.6.0, Java Compiler = j9j