可以正常解析
Tip: 如果无法正常解析,tags 里会多出一个 _grokparsefailure,并且无法捕获到那些本应多出来的字段值。注意:下面这段示例输出的 tags 中带有 _grokparsefailure,且只包含默认字段,看起来正是解析失败时的输出。
{
"@timestamp" => "2016-01-29T21:29:06.567Z",
"message" => "# User@Host: taobao[taobao] @ regular_exp [192.168.35.23] Id: 1236\n# Schema: bat_db Last_errno: 0 Killed: 0\n# Query_time: 1.679745 Lock_time: 0.124872 Rows_sent: 0 Rows_examined: 292389 Rows_affected: 1066\n# Bytes_sent: 55\nSET timestamp=1450288859;\ncreate table temp_logstash_regular as\n select t1.user_id, t2.user_key\n from kibana_test_repo as t1\n join users as t2\n on t1.user_id = t2.id\n where t1.notification_ts >= '2015-12-16 00:00:00' and\n t1.notification_ts < '2015-12-17 00:00:00'\n group by t1.user_id;\n# Time: 151217 2:01:01",
"@version" => "1",
"host" => "h102.temp",
"tags" => [
[0] "_grokparsefailure"
]
}
配置分析
input
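# Logstash input stage: read MySQL slow-query log text from stdin and fold each
# multi-line entry into a single event before it reaches the filter stage.
#
# The merged "message" carries the full statement text together with the
# account, client host/IP and schema name, so whatever output receives these
# events should be access-controlled like the database log itself.
input {
  stdin {
    codec => multiline {
      # A new entry is recognised by its "# User@Host:" header line.
      pattern => "^# User@Host:"
      # negate => true makes the rule below apply to lines that do NOT match
      # the pattern, i.e. to every line that is not an entry header.
      negate => true
      # Those non-header lines are appended to the previous event. A "# Time:"
      # line written ahead of the next entry therefore ends up at the tail of
      # the preceding message, as in the sample event shown on this page.
      # The codec only emits an event once the next header arrives, so the
      # last entry stays buffered unless auto_flush_interval is configured.
      what => previous
    }
  }
}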