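filebeat - Regular expression for multiline strings in filebeat
Problem description
I am using filebeat to aggregate errors and send alerts, and I want to use the multiline option in the filebeat.yml
file to extract the error and all the words around it from the following log: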
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] ********************Inquiry Item [com.etisalat.oms.inquiry.actions.Voi
ceMinutesCrossNetInquiry] Executed successfully**************************
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] Service Class [com.etisalat.oms.inquiry.actions.GeneralUnitsInquiry] l
oaded Successfully.
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] *************************** Starting Inquiry Item [com.etisalat.oms.in
quiry.actions.GeneralUnitsInquiry] *****************
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] Starting GeneralUnitsInquiry.execute ...
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] attributeType[UC], attributeValue[713], attributeMinValue[0], attribut
eMaxValue[null], attributeSubValue[71301]
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1157917705-d73442b7-8d07-4aee-a850-09aa51ff37e2] ********************Inquiry Item [com.etisalat.oms.inquiry.actions.Gen
eralUnitsInquiry] Executed successfully**************************
2019-07-02 16:00:00.400 [ELIGIBLE_PRODUCT-1122220199-4b666699-b9b0-4549-8aff-537b199e040d] No product found for the RTIM offer name null
2019-07-02 16:00:00.400 [ELIGIBLE_PRODUCT-1122220199-4b666699-b9b0-4549-8aff-537b199e040d] Error While Processing Request [<?xml version="1.0" encoding="UTF-8"?>
<eligibleProductsRequest>
<channel>myEtisalatApp</channel>
<extraRequestParameters>
<name>INTERACTION_POINT</name>
<value>meaHomePage</value>
</extraRequestParameters>
<extraRequestParameters>
<name>APP_LANGUAGE</name>
<value>EN</value>
</extraRequestParameters>
<extraRequestParameters>
<name>APP_VERSION</name>
<value>9</value>
</extraRequestParameters>
<requestType>BEST_OFFER</requestType>
<transactionId>860acdaa2fc04ca88c7016d4f56b083d</transactionId>
<msisdn>1122220199</msisdn>
</eligibleProductsRequest>
].
com.etisalat.oms.exception.ApplicationException: No eligible product configured for this dial [1122220199]
at com.etisalat.oms.inquiry.manager.GenericProductEligibility.postValidate(GenericProductEligibility.java:72) ~[oms.jar:?]
at com.etisalat.oms.inquiry.manager.GenericProductEligibility.getEligibleProduct(GenericProductEligibility.java:42) ~[oms.jar:?]
at com.etisalat.oms.interfaces.service.ProductManagementService.getEligibleProducts(ProductManagementService.java:179) ~[oms.jar:?]
at com.etisalat.oms.interfaces.product.EligibleProductsHandler.handle(EligibleProductsHandler.java:47) [oms.jar:?]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1115) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1051) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.Server.handle(Server.java:517) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:302) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:238) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:57) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20
150714]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572) [jetty-all-9.3.1.v20150714-uber.jar:9.3.1.v20150714]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_65]
I used the pattern below, but it does not capture the whole log block:
^\</|^[[:space:]]+\b|^Exception:
Solution
Try a configuration like this (bearing in mind that the pattern is negated):
filebeat.inputs:
- type: log
  enabled: true
  # https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html
  # Every line that does NOT start with a timestamp is appended to the previous event.
  multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.'
  multiline.negate: true
  multiline.match: after
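
Added example (not part of the original answer and not Filebeat's own code): a small Python emulation of how negate: true with match: after groups lines into events, run on a constructed, shortened copy of the log from the question. The function names and the "Error" filter are assumptions made for illustration.

```python
import re

# multiline.pattern from the answer; this expression reads the same in Python's re.
START = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.')

# Constructed sample, shortened from the log in the question (IDs are made up).
SAMPLE = """\
2019-07-02 16:00:00.037 [SUBSCRIBER_PROFILE-1] Starting GeneralUnitsInquiry.execute ...
2019-07-02 16:00:00.400 [ELIGIBLE_PRODUCT-2] No product found for the RTIM offer name null
2019-07-02 16:00:00.400 [ELIGIBLE_PRODUCT-2] Error While Processing Request [<?xml version="1.0" encoding="UTF-8"?>
<eligibleProductsRequest>
<channel>myEtisalatApp</channel>
</eligibleProductsRequest>
].
com.etisalat.oms.exception.ApplicationException: No eligible product configured for this dial [0000000000]
at com.etisalat.oms.inquiry.manager.GenericProductEligibility.postValidate(GenericProductEligibility.java:72) ~[oms.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_65]
2019-07-02 16:00:01.000 [SUBSCRIBER_PROFILE-1] Service Class loaded Successfully.
"""

def group_events(lines, pattern=START, max_lines=500):
    """Emulate negate: true / match: after.

    A line matching the pattern opens a new event; a line that does not match
    is appended to the event opened by the last matching line. max_lines
    mirrors Filebeat's multiline.max_lines (default 500).
    """
    events, current = [], []
    for line in lines:
        if pattern.search(line) or not current:
            if current:
                events.append(current)
            current = [line]
        elif len(current) < max_lines:  # lines past the cap are dropped
            current.append(line)
    if current:
        events.append(current)
    return events

def error_events(events):
    """Hypothetical alert filter: keep events whose first line says 'Error'."""
    return [e for e in events if "Error" in e[0]]

if __name__ == "__main__":
    for event in error_events(group_events(SAMPLE.splitlines())):
        print("\n".join(event))
```

The XML request body, the closing "].", the exception line and every stack frame end up in the same event as the "Error While Processing Request" line, because none of them starts with a timestamp.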