小编Col*_*res的帖子

解析日志时,Logstash报告[0] _grokparsefailure

我有来自这种格式的日志.我已将logstash变量分配给下面的模式.我相信我已经使用随附的预定义Grok标记正确分配了这些元素.但是,当我运行logstash时,它反映:[0]"_ grokparsefailure"表示它无法解析请求.对于我的conf确实出错了,我感到很茫然.这里有没有人知道是什么原因造成的？我对logstash很新.提前致谢

1383834858 0 71.172.136.12 20097903 198.2.20.171 80 TCP_HIT/200 252 HEAD http://podcasts.someserver.com/80830A/podcasts.someserver.com/nyv/voice-film-club/2013/11/the-sexy-god -thor.mp3 - 0 355" - ""Podcasts/2.0"33546" - "

要么

%{BASE10NUM:timestamp} = 1383834858
%{BASE10NUM:time_taken} = 0
%{IP:clientip} = 71.172.136.12
%{BASE10NUM:filesize} = 20097903
%{IP:serverip} = 198.2.20.171
%{BASE10NUM:port} = 80
%{WORD:status_code} = TCP_HIT/200
%{BASE10NUM:sc_bytes} = 252
%{WORD:method} = HEAD
%{URI:cs_uri} = http://podcasts.someserver.com/80830A/podcasts.someserver.com/nyv/voice-   film-club/2013/11/the-sexy-god-thor.mp3
%{NOTSPACE:ignore2} = -
%{BASE10NUM:rs_duration} = 0
%{BASE10NUM:rs_bytes} = 355
%{QS:c_referrer} = "-"
%{QS:user_agent} = "Podcasts/2.0"
%{BASE10NUM:customerid} = 33546
%{QS:ignore} = "-"

Run Code Online (Sandbox Code Playgroud)

我的logstash.conf文件如下所示:

input {
    #wpa_media logs from the …

Run Code Online (Sandbox Code Playgroud)

redis elasticsearch logstash kibana logstash-grok

Col*_*res

2017 12-22

9
推荐指数

1
解决办法

4万
查看次数

标签统计

elasticsearch ×1

kibana ×1

logstash ×1

logstash-grok ×1

redis ×1

解析日志时,Logstash报告[0] _grokparsefailure

标签 统计

小编Col_res的帖子

标签统计