我是Logstash的新手,我尝试找到从此日志消息中提取数据的模式,在此我启用filebeat.yml中的模式以从日期读取到下一次出现日期。
2018-05-21 14:49:12
Mode:Managed Frequency:2.457 GHz Access Point: 88:D7:F6:68:C1:78
Bit Rate=144.4 Mb/s Tx-Power=22 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
link Quality=65/70 Signal level=-45 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:217 Missed beacon:0
grok{
timeout_millis => 60000
match=>["message", "%{TIMESTAMP_ISO8601:mytimestamp}%{SPACE:ip}%{GREEDYDATA:val}%{SPACE:ip}%{GREEDYDATA:val}%{SPACE:ip}%{GREEDYDATA:val}%{SPACE:ip}%{GREEDYDATA:val}%{SPACE:ip}%{GREEDYDATA:val}%{SPACE:ip}%{GREEDYDATA:val}(?<powerlevel>(?<=Signal level\=).*?(\s))"]
}
这给了_groktimeout
filter {
grok {
match => ["message", "%{TIMESTAMP_ISO8601:mytimestamp}",
"message", "(?<powerlevel>(?<=Signal level\=).*?(\s))"]
}
这仅提供时间戳,请有人可以帮助我从此日志中获取时间戳和信号电平
您还需要在日期和信号级别之间匹配数据。这可以使用GREEDYDATA
模式来完成。此外,您还需要匹配所有空格和\n
字符。
看看以下内容,
%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}(?m)%{GREEDYDATA:irrelevant_data}Signal level=%{NUMBER:Signal level}
它将匹配日期和Signal level
,
输出,
{
"YEAR": [
[
"2018"
]
],
"MONTHNUM": [
[
"05"
]
],
"MONTHDAY": [
[
"21"
]
],
"TIME": [
[
"14:49:12"
]
],
"HOUR": [
[
"14"
]
],
"MINUTE": [
[
"49"
]
],
"SECOND": [
[
"12"
]
],
"irrelevant_data": [
[
"\nMode:Managed Frequency:2.457 GHz Access Point: 88:D7:F6:68:C1:78 \nBit Rate=144.4 Mb/s Tx-Power=22 dBm \nRetry short limit:7 RTS thr:off Fragment thr:off\nPower Management:on\nlink Quality=65/70 "
]
],
"Signal": [
[
"-45"
]
],
"BASE10NUM": [
[
"-45"
]
]
}
您的grok筛选器将变为
filter {
grok {
match => ["message", "%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}(?m)%{GREEDYDATA:irrelevant_data}Signal level=%{NUMBER:Signal level}"]
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句