1571394459,http://127.0.0.1/my/course/4|10.135.46.111|200,status:DEAD,
{"processors": [{"type": "processor_split_delimiter","detail": {"Delimiter": ",","ExtractKeys": [ "time", "msg1","msg2"]},"processors": [{"type": "processor_timeformat","detail": {"KeepSource": true,"TimeFormat": "%s","SourceKey": "time"}},{"type": "processor_split_delimiter","detail": {"KeepSource": false,"Delimiter": "|","SourceKey": "msg1","ExtractKeys": [ "submsg1","submsg2","submsg3"]},"processors": []},{"type": "processor_split_key_value","detail": {"KeepSource": false,"Delimiter": ":","SourceKey": "msg2"}}]}]}
time: 1571394459submsg1: http://127.0.0.1/my/course/4submsg2: 10.135.46.111submsg3: 200status: DEAD
Plugin Feature | Plugin Name | Feature Description |
Field extraction | processor_log_string | Performs multi-character (line breaks) parsing of fields, typically for single-line logs. |
Field extraction | processor_multiline | Performs first-line regex parsing of fields (full regex mode), typically for multi-line logs. |
Field extraction | processor_multiline_fullregex | Performs first-line regex parsing of fields (full regex mode), typically for multi-line logs; extracts regexes from multi-line logs. |
Field extraction | processor_fullregex | Extracts fields (full regex mode) from single-line logs. |
Field extraction | processor_json | Expands field values in JSON format. |
Field extraction | processor_split_delimiter | Extracts fields (single-/multi-character separator mode). |
Field extraction | processor_split_key_value | Extracts fields (key-value pair mode). |
Field processing | processor_drop | Discards fields. |
Field processing | processor_timeformat | Parses time fields in raw logs to convert time formats and set parsing results as log time. |
Plugin Name | Support Subitem Parsing | Plugin Parameter | Required | Feature Description |
processor_multiline | No | BeginRegex | Yes | Defines the first-line matching regex for multi-line logs. |
processor_multiline_fullregex | Yes | BeginRegex | Yes | Defines the first-line matching regex for multi-line logs. |
| | ExtractRegex | Yes | Defines the extraction regex after multi-line logs are extracted. |
| | ExtractKeys | Yes | Defines the extraction keys. |
processor_fullregex | Yes | ExtractRegex | Yes | Defines the extraction regex. |
| | ExtractKeys | Yes | Defines the extraction keys. |
processor_json | Yes | SourceKey | No | Defines the name of the upper-level processor key processed by the current processor. |
| | KeepSource | No | Defines whether to retain `SourceKey` in the final key name. |
processor_split_delimiter | Yes | SourceKey | No | Defines the name of the upper-level processor key processed by the current processor. |
| | KeepSource | No | Defines whether to retain `SourceKey` in the final key name. |
| | Delimiter | Yes | Defines the separator (single or multiple characters). |
| | ExtractKeys | Yes | Defines the extraction keys after separator splitting. |
processor_split_key_value | No | SourceKey | No | Defines the name of the upper-level processor key processed by the current processor. |
| | KeepSource | No | Defines whether to retain `SourceKey` in the final key name. |
| | Delimiter | Yes | Defines the separator between the `Key` and `Value` in a string. |
processor_drop | No | SourceKey | Yes | Defines the name of the upper-level processor key processed by the current processor. |
processor_timeformat | No | SourceKey | Yes | Defines the name of the upper-level processor key processed by the current processor. |
| | TimeFormat | Yes | Defines the time parsing format for the `SourceKey` value (time data string in logs). |
define-log
as Log Topic Name and click Confirm.[directory prefix expression]/**/[filename expression]
.Parameter | Description |
Directory Prefix | Directory prefix for log files, which supports only the wildcard characters * and ? .\\* indicates to match any multiple characters.? indicates to match any single character. |
/**/ | Current directory and all its subdirectories. |
File Name | Log file name, which supports only the wildcard characters * and ? .\\* indicates to match any multiple characters.? indicates to match any single character. |
No. | Directory Prefix Expression | Filename Expression | Description |
1. | /var/log/nginx | access.log | In this example, the log path is configured as /var/log/nginx/**/access.log . LogListener will listen for log files named access.log in all subdirectories in the /var/log/nginx prefix path. |
2. | /var/log/nginx | *.log | In this example, the log path is configured as /var/log/nginx/**/*.log . LogListener will listen for log files suffixed with .log in all subdirectories in the /var/log/nginx prefix path. |
3. | /var/log/nginx | error* | In this example, the log path is configured as /var/log/nginx/**/error* . LogListener will listen for log files prefixed with error in all subdirectories in the /var/log/nginx prefix path. |
key:"{"substream":XXX}"
.log/*.log
and rename the old file after log rotation as log/*.log.xxxx
.Key
and the original log content is the Value
for log uploading.
Apakah halaman ini membantu?