Kibana Grok 调试工具使用

Kibana -> Dev Tools -> Grok Debugger

Sample Data

2020-11-27 11:27:36.168 [appblog-mall-api-gateway][ WARN ] [123188] [nio-8081-exec-6] [9bd918cc09b82f16] [9bd918cc09b82f16] [true] --- [cn.appblog.mall.gateway.api.filter.SignaturePreFilter] [needCheckSign] [150] : merchant signature ignore! merchantId=2020102600188001

Grok Pattern

%{TIME_STAMP_A:logtime}\s+\[\s*%{APP_NAME:appname}\s*\]\[\s*%{LOG_LVL:loglvl}\s*\]\s+\[\s*%{PROCESS_ID:pid}\s*\]\s+\[\s*%{PROCESS_NAME:pname}\s*\]\s+\[\s*%{TRACE_ID:traceid}\s*\]\s+\[\s*%{SPAN_ID:spanid}\s*\]\s+\[\s*%{SPAN_EXPORTABLE}\s*\]\s+---\s+\[\s*%{CLASS_PATH:classpath}\s*\]\s+\[\s*%{METHOD_NAME:methodname}\s*\]\s+\[\s*%{CODE_LINE:codeline}\s*\]\s+:\s+%{CONTENT}

Custom Patterns

TIME_STAMP_A \d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3}
TIME_STAMP_T \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z
TIME_STAMP_P \d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}
TIME_STAMP_S \d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}
HOST_NAME_PATTERN [a-zA-Z0-9._-]+
APP_NAME [a-zA-Z0-9._-]+
LOG_LVL [a-zA-Z0-9._-]+
CORRELATION_ID [0-9a-f-]{36}
CIP ((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))
ID_PATTERN [0-9a-f\-]{36}
RPC_ID_PATTERN [0-9\.]+
APP_OR_METHOD [/a-zA-Z0-9._-]+
TRACE_ID [0-9a-f]*
SPAN_ID [0-9a-f]*
PROCESS_ID \d{3,6}
PROCESS_NAME [a-zA-Z0-9._-]+
SPAN_EXPORTABLE [a-z]{0,5}
CLASS_PATH [a-zA-Z0-9._]+
METHOD_NAME [a-zA-Z0-9_$]+
CODE_LINE \d{1,5}
CONTENT [\s\S]*$

Simulate

Structured Data

{
  "traceid": "9bd918cc09b82f16",
  "classpath": "cn.appblog.mall.gateway.api.filter.SignaturePreFilter",
  "loglvl": "WARN",
  "pname": "nio-8081-exec-6",
  "pid": "123188",
  "codeline": "150",
  "spanid": "9bd918cc09b82f16",
  "appname": "appblog-mall-api-gateway",
  "logtime": "2020-11-27 11:27:36.168",
  "methodname": "needCheckSign"
}