This repository has been archived by the owner on Oct 30, 2022. It is now read-only.
求指导一下,想提取 [ ] 里面的内容, 这种数据怎么用grok分割,参考了logstash的写法,没效果 #162
Comments
|
说一下你想要啥效果呢? |
|
就是上面那段文本,想要达到这样的效果 |
|
[%{TIMESTAMP_ISO8601:log_time}][%{LOG_LEVEL:level}\s*][%{DATA:indexType] |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
"[2020-07-17T09:21:22,629][INFO ][index.search.slowlog.query] [xxx] [xxx][4] took[753.7ms], took_millis[753], total_hits[1600383], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[990], source[{"size":500,"query":{"bool":{"must":[{"match_all":{"boost":1.0}},{"bool":{"should":[{"match_phrase":{"check_type":{"query":"4","slop":0,"zero_terms_query":"NONE","boost":1.0}}},{"match_phrase":{"check_type":{"query":"6","slop":0,"zero_terms_query":"NONE","boost":1.0}}}],"adjust_pure_negative":true,"minimum_should_match":"1","boost":1.0}},{"range":{"@timestamp":{"from":null,"to":null,"include_lower":true,"include_upper":true,"boost":1.0}}}],"adjust_pure_negative":true,"boost":1.0}},"version":true,"_source":{"includes":[],"excludes":[]},"stored_fields":"","docvalue_fields":["@timestamp","create_time"],"script_fields":{},"sort":[{"@timestamp":{"order":"desc","unmapped_type":"boolean"}}],"aggregations":{"2":{"date_histogram":{"field":"@timestamp","time_zone":"Asia/Shanghai","interval":"1d","offset":0,"order":{"_key":"asc"},"keyed":false,"min_doc_count":1}}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fragment_size":2147483647,"fields":{"":{}}}}], "
The text was updated successfully, but these errors were encountered: