logstash解析tomcat的catalina.out日志字段

时间:2022-01-17 15:58:26
filter {

    mutate {

        remove_field => ["@version","prospector","input","beat","source","offset"]

    }

    grok {

        match => {

            "message" => "%{TIMESTAMP_ISO8601:access_time} %{LOGLEVEL:loglevel} \[%{DATA:exception_info}\] - \<%{MESSAGE:message}\>"

        }

        pattern_definitions => {

            "MESSAGE" => "[\s\S]*"

        }

    }

    date {

        match => [ "access_time","yyyy-MM-dd HH:mm:ss,SSS" ]

    }

    mutate {

        remove_field => ["access_time","[message][0]"]

    }

}

相关文章