online元日志:
Sat Mar 11 00:04:01 2017
00:04:01 Checkpoint Completed: duration was 0 seconds.
00:04:01 Sat Mar 11 - loguniq 10, logpos 0x63ab018, timestamp: 0x50c5e9 Interval: 15054
00:04:01 Maximum server connections 1
00:04:01 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 2
现在的问题是如何使用grok 正则表达式或是其他方法将,日志中的日期(非时分秒)添加到每一行,使logstash收到的信息如下:
Sat Mar 11 00:04:01 2017
Sat Mar 11 00:04:01 Checkpoint Completed: duration was 0 seconds.
Sat Mar 11 00:04:01 Sat Mar 11 - loguniq 10, logpos 0x63ab018, timestamp: 0x50c5e9 Interval: 15054
Sat Mar 11 00:04:01 Maximum server connections 1
Sat Mar 11 00:04:01 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 2
求助各位 !非常感谢
Sat Mar 11 00:04:01 2017
00:04:01 Checkpoint Completed: duration was 0 seconds.
00:04:01 Sat Mar 11 - loguniq 10, logpos 0x63ab018, timestamp: 0x50c5e9 Interval: 15054
00:04:01 Maximum server connections 1
00:04:01 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 2
现在的问题是如何使用grok 正则表达式或是其他方法将,日志中的日期(非时分秒)添加到每一行,使logstash收到的信息如下:
Sat Mar 11 00:04:01 2017
Sat Mar 11 00:04:01 Checkpoint Completed: duration was 0 seconds.
Sat Mar 11 00:04:01 Sat Mar 11 - loguniq 10, logpos 0x63ab018, timestamp: 0x50c5e9 Interval: 15054
Sat Mar 11 00:04:01 Maximum server connections 1
Sat Mar 11 00:04:01 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 2
求助各位 !非常感谢
0 个回复