API tools faq
paste
Advertisement
thanh_thu

grok_ghichep

thanh_thu
Jun 25th, 2019
48
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.05 KB | None | 0 0
raw download clone embed print report
  1. - Grok là một cách để khớp một dòng với biểu thức chính quy,ánh xạ các phần cụ thể của dòng vào các trường chuyên dụng và thực hiện hành động dựa trên anh xạ này.
  2.  
  3. - Pattern dựng sẵn:
  4. https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns
  5.  
  6. - Viết mẫu tùy chỉnh:
  7. => Format cơ bản cho 1 Logstash grok filter:
  8. %{PATTERN:FieldName}
  9.  
  10. - List thao tác, cùng với loại giá trị đầu vào và giá trị mặc định:
  11. https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html#_synopsis_125
  12.  
  13. - grok debug tool: https://grokdebug.herokuapp.com/
  14. https://cuongquach.com/kiem-tra-cau-hinh-khuon-mau-logstash-grok-bang-cong-cu-online.html
  15.  
  16. - Example:
  17. -> httpd/access_log
  18. [Format log]
  19. 103.53.170.84 - - [26/Jun/2019:10:36:04 +0700] "GET /resource_providers/56643342-6252-432f-82bd-d206429b8602/inventories HTTP/1.1" 200 400 "-" "nova-compute keystoneauth1/3.10.0 python-requests/2.19.1 CPython/2.7.5"
  20.  
  21. [Grok pattern]
  22. %{IPORHOT:clientip} %{USER:ident} %{USER:auth} %{HTTPDATE:timestamp} "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}
  23.  
  24. {
  25. "message" => "103.53.170.84 - - [26/Jun/2019:10:36:04 +0700] "GET /resource_providers/56643342-6252-432f-82bd-d206429b8602/inventories HTTP/1.1" 200 400 "-" "nova-compute keystoneauth1/3.10.0 python-requests/2.19.1 CPython/2.7.5"",
  26. "@timestamp" => "2019-6-26T17:36:04.000Z",
  27. "@version" => "1",
  28. "host" => "-",
  29. "clientip" => "103.53.170.84",
  30. "ident" => "-",
  31. "auth" => "-",
  32. "timestamp" => "",
  33. "verb" => "GET",
  34. "request" => "/resource_providers/56643342-6252-432f-82bd-d206429b8602/inventories",
  35. "httpversion" => "1.1",
  36. "response" => "200",
  37. "bytes" => "400",
  38. "referrer" => ""-"",
  39. "agent" => ""nova-compute keystoneauth1/3.10.0 python-requests/2.19.1 CPython/2.7.5""
  40. }
  41.  
  42. -> /var/log/nova/nova-manage.log
  43. [format log]
  44. 2019-06-24 14:55:52.352 9871 INFO migrate.versioning.api [req-a48666be-120b-4452-88ed-0473d1573d5b - - - - -] done
  45.  
  46. [grok pattern]
  47. %{URIHOST} %{HAPROXYTIME} 9871 INFO %{JAVACLASS} %{SYSLOG5424SD} done
  48.  
  49. %{TIMESTAMP_ISO8601:timetamp} %{JAVACLASS} %{LOGLEVE:loglevel} %{NOTSPACE:requestid}
  50.  
  51. -> /var/log/glance/registry.log
  52. [format log]
  53. 2019-06-27 11:00:34.127 9225 INFO eventlet.wsgi.server [-] 106.75.85.117 - - [27/Jun/2019 11:00:34] "GET / HTTP/1.1" 401 309 0.003525
  54.  
  55. [grok pattern]
  56. %{URIHOST} %{HAPROXYTIME} 9225 INFO %{JAVACLASS} [-] %{IP} - - [27%{URIPATHPARAM} %{HAPROXYTIME}] %{QS} 401 309 %{JAVACLASS}
  57.  
  58. -> /var/log/glance/api.log
  59. [format log]
  60. 2019-06-24 18:04:30.772 9229 INFO eventlet.wsgi.server [req-0ad053d6-f4b2-43eb-bbb8-d087ef300500 e27b211bfcea4e05ab36e2d967e37d05 e45a672c9a634fdb9650d4483e276936 - default default] 103.53.170.82 - - [24/Jun/2019 18:04:30] "GET /v2/images/11a2d0cd-d4c9-43d2-9a88-dac794374194 HTTP/1.1" 200 988 0.013480
  61.  
  62. [grok pattern]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!