{"id":1675,"date":"2023-03-25T22:28:42","date_gmt":"2023-03-25T14:28:42","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1675"},"modified":"2023-04-23T21:49:35","modified_gmt":"2023-04-23T13:49:35","slug":"kibana-grok-debugging-tool-usage","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/25\/kibana-grok-debugging-tool-usage\/","title":{"rendered":"Kibana Grok \u8c03\u8bd5\u5de5\u5177\u4f7f\u7528"},"content":{"rendered":"

Kibana<\/code> -> Dev Tools<\/code> -> Grok Debugger<\/code><\/p>\n

Sample Data<\/h3>\n
2020-11-27 11:27:36.168 [appblog-mall-api-gateway][ WARN ] [123188] [nio-8081-exec-6] [9bd918cc09b82f16] [9bd918cc09b82f16] [true] --- [cn.appblog.mall.gateway.api.filter.SignaturePreFilter] [needCheckSign] [150] : merchant signature ignore! merchantId=2020102600188001<\/code><\/pre>\n
<\/p>\n
Grok Pattern<\/h3>\n
%{TIME_STAMP_A:logtime}\\s+\\[\\s*%{APP_NAME:appname}\\s*\\]\\[\\s*%{LOG_LVL:loglvl}\\s*\\]\\s+\\[\\s*%{PROCESS_ID:pid}\\s*\\]\\s+\\[\\s*%{PROCESS_NAME:pname}\\s*\\]\\s+\\[\\s*%{TRACE_ID:traceid}\\s*\\]\\s+\\[\\s*%{SPAN_ID:spanid}\\s*\\]\\s+\\[\\s*%{SPAN_EXPORTABLE}\\s*\\]\\s+---\\s+\\[\\s*%{CLASS_PATH:classpath}\\s*\\]\\s+\\[\\s*%{METHOD_NAME:methodname}\\s*\\]\\s+\\[\\s*%{CODE_LINE:codeline}\\s*\\]\\s+:\\s+%{CONTENT}<\/code><\/pre>\n
Custom Patterns<\/h3>\n
TIME_STAMP_A \\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2}.\\d{3}\nTIME_STAMP_T \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}.\\d{3}Z\nTIME_STAMP_P \\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2}\nTIME_STAMP_S \\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2},\\d{3}\nHOST_NAME_PATTERN [a-zA-Z0-9._-]+\nAPP_NAME [a-zA-Z0-9._-]+\nLOG_LVL [a-zA-Z0-9._-]+\nCORRELATION_ID [0-9a-f-]{36}\nCIP ((?:(?:25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d)))\\.){3}(?:25[0-5]|2[0-4]\\d|((1\\d{2})|([1-9]?\\d))))\nID_PATTERN [0-9a-f\\-]{36}\nRPC_ID_PATTERN [0-9\\.]+\nAPP_OR_METHOD [\/a-zA-Z0-9._-]+\nTRACE_ID [0-9a-f]*\nSPAN_ID [0-9a-f]*\nPROCESS_ID \\d{3,6}\nPROCESS_NAME [a-zA-Z0-9._-]+\nSPAN_EXPORTABLE [a-z]{0,5}\nCLASS_PATH [a-zA-Z0-9._]+\nMETHOD_NAME [a-zA-Z0-9_$]+\nCODE_LINE \\d{1,5}\nCONTENT [\\s\\S]*$<\/code><\/pre>\n
Simulate<\/h3>\n
Structured Data<\/p>\n
{\n  "traceid": "9bd918cc09b82f16",\n  "classpath": "cn.appblog.mall.gateway.api.filter.SignaturePreFilter",\n  "loglvl": "WARN",\n  "pname": "nio-8081-exec-6",\n  "pid": "123188",\n  "codeline": "150",\n  "spanid": "9bd918cc09b82f16",\n  "appname": "appblog-mall-api-gateway",\n  "logtime": "2020-11-27 11:27:36.168",\n  "methodname": "needCheckSign"\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Kibana -> Dev Tools -> Grok Debugger Sample Data  […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[345],"tags":[347,344],"class_list":["post-1675","post","type-post","status-publish","format-standard","hentry","category-elk","tag-grok","tag-kibana"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1675"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1675\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}