我正在使用 logstash-logback-encoder 将日志发送到 Elasticsearch。
特别是,我正在使用LoggingEventCompositeJsonEncoder
我的应用程序的日志类似于以下内容:
07/05/18 12:35:01.325 [main] INFO o.s.c.a.AnnotationConfigApplicationContext - Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@49e5f737: startup date [Mon May 07 12:35:01 CEST 2018]; root of context hierarchy
...
07/05/18 12:35:01.932 [main] INFO o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
07/05/18 12:35:01.950 [main] INFO it.test.elk.ELKTestApplication - Started ELKTestApplication in 0.956 seconds (JVM running for 1.645)
07/05/18 12:35:01.952 [Thread-6] INFO o.s.c.a.AnnotationConfigApplicationContext - Closing org.springframework.context.annotation.AnnotationConfigApplicationContext@49e5f737: startup date [Mon May 07 12:35:01 CEST 2018]; root of context hierarchy
07/05/18 12:35:01.955 [Thread-6] INFO o.s.j.e.a.AnnotationMBeanExporter - Unregistering JMX-exposed beans on shutdown
我只想发送与it.test.elk 相关的日志。打包到弹性搜索。
你能用 grok 做吗?还是我必须专门配置 logback.log?