In my logstash logs I sometimes have empty lines or lines that contain only spaces.

To drop the empty lines, I created a dropemptyline filter file

# drop empty lines
filter {
    if [message] =~ /^\s*$/ {
        drop { }
    }
}

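But the empty-line filter does not work as expected, mainly because this particular filter sits in a chain of other filters, with more filters after it.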

00_input.conf
05_syslogfilter.conf
06_dropemptylines.conf
07_classifier.conf

So I think my particular filter would work if it were the only filter, but it is not.

2015-02-11 15:02:12.347  WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler   : 

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]

My question is: how can I exit all the filters and go directly to the output?

1 Answer

You can use the grok filter to ignore the empty lines entirely,

%{GREEDYDATA:1st}(\n{1,})%{GREEDYDATA:2nd}

It will produce,

{
  "1st": [
    [
      "2015-02-11 15:02:12.347  WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler   : "
    ]
  ],
  "2nd": [
    [
      "org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]"
    ]
  ]
}

Or, more elegantly,

(?m)%{GREEDYDATA:log}

Output:

{
  "log": [
    [
      "2015-02-11 15:02:12.347  WARN 1 --- [tp1812226644-23] o.eclipse.jetty.servlet.ServletHandler   : \n\n\n\norg.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting for a server that matches AnyServerSelector{}. Client view of cluster state is {type=Unknown, servers=[{address=mongo:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.net.UnknownHostException: mongo: unknown error}}]"
    ]
  ]
}
answered 2018-05-10T05:30:37.947
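
An added example, not part of the original question or answer: it checks in plain Ruby how the question's `/^\s*$/` conditional and the answer's `(?m)` prefix behave on single-line and multi-line messages. It assumes Logstash conditionals and grok follow Ruby regex semantics (Logstash runs on JRuby) and that `GREEDYDATA` expands to `.*`; the sample events are constructed and shortened from the log in the question, and `WHOLE_REGEX`, `dropped` and `greedy_capture` are hypothetical names.

```ruby
# Added example. In Ruby regexes ^ and $ anchor at every line boundary,
# so /^\s*$/ also matches an event that merely CONTAINS a blank line.
PAGE_REGEX  = /^\s*$/    # regex from the question's drop filter
WHOLE_REGEX = /\A\s*\z/  # assumption: anchor to the whole message instead

# Constructed sample events (shortened from the question's log).
EVENTS = {
  empty:     "",
  spaces:    "   \t",
  single:    "2015-02-11 15:02:12.347  WARN 1 --- ServletHandler   : ",
  multiline: "2015-02-11 15:02:12.347  WARN 1 --- ServletHandler   : \n\n\n\norg.springframework.web.util.NestedServletException: Request processing failed"
}.freeze

# Names of the events a drop conditional using `regex` would discard.
def dropped(regex, events = EVENTS)
  events.select { |_name, message| message.match?(regex) }.keys
end

# What a GREEDYDATA-style `.*` capture keeps, with or without the
# (?m) prefix from the answer. In Ruby, (?m) lets `.` match newlines.
def greedy_capture(message, multiline:)
  pattern = multiline ? /(?m)(?<log>.*)/ : /(?<log>.*)/
  pattern.match(message)[:log]
end

if __FILE__ == $PROGRAM_NAME
  puts "dropped by /^\\s*$/   : #{dropped(PAGE_REGEX).inspect}"
  puts "dropped by /\\A\\s*\\z/ : #{dropped(WHOLE_REGEX).inspect}"
  puts "capture without (?m): #{greedy_capture(EVENTS[:multiline], multiline: false).inspect}"
  puts "capture with (?m)   : #{greedy_capture(EVENTS[:multiline], multiline: true).inspect}"
end
```

If events are merged into multi-line messages before the drop filter runs, the line-anchored regex discards the whole stack trace, while the `\A...\z` form only discards messages that are blank from start to end.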