本文主要是介绍【ELK日志采集】filebeat日志采集及错误Provided Grok expressions do not match field value解决,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1、文档使用工具:
图形化:kibana_6.7.1
数据存储:elasticsearch-6.7.1
日志采集:filebeat-6.7.1
以下模拟日志数据采集使用工具是:
Kibana >> Dev Tools >> Console
2、两种样例数据
样例1为异常数据格式
2022-02-16 18:15:11 10.10.11.2 os[7028]: 2022 RAC:root login from 172.17.199.200
样例2为正常需求数据格式
2022-02-19 10:56:37 10.10.80.18 Severity: Informational, Category: Storage, MessageID: CTL37, Message: A Patrol Read operation started for RAID Controller in Slot 7
3、初始定义pipeline规则
PUT /_ingest/pipeline/idrac-pipeline_v2?pretty
{"description" : "Pipeline for parsing idrac logs.","processors" : [{"grok" : {"field" : "_source.message","patterns" : ["%{MY_DATETIME:time} %{IPORHOST:server_ip} Severity: %{DATA:Severity}, Category: %{DATA:Category}, MessageID: %{DATA:MessageID}, Message: %{GREEDYDATA:Message}"],"pattern_definitions" : {"MY_DATE" : "%{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY}","MY_TIME" : "[0-9][0-9]:[0-9][0-9]:[0-9][0-9]","MY_DATETIME" : "%{MY_DATE} %{MY_TIME}"}}},{"date" : {"field" : "time","target_field" : "@timestamp","formats" : ["yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||yyyy/MM/dd||yyyy/MM/dd HH:mm:ss||EEE M这篇关于【ELK日志采集】filebeat日志采集及错误Provided Grok expressions do not match field value解决的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
