我的日志格式:[2017-05-19 09:38:10,690] [INFO] [http-nio-8050-exec-6] [com.yixiang.ticket.hub.service.impl.FlightServiceImpl.search(FlightServiceImpl.java:73)]| shopping request:{"cabinRank":"Y","flightRange":[{"fromCity":"CKG","fromDate":"2017-05-20","toCity":"TSN"}],"flightRangeType":"OW","redisKey":"PSSSHOPPING$OW$CKG#2017-05-20#TSN"}
grok :
grok{
match =>{
"message" => "[(?\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3})]\s[(?\w*)]\s[(?\S*)][(?\S*)((?[^:]*)[:]{1}(?\d*))]\s|\s(?.*)"
}
}
在secureCRT上面启动 我自定义的logstash.conf文件的时候 报出以下异常:
Pipeline aborted due to error {:exception=>#\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3})]\s[(?\w*)]\s[(?\S*)][(?\S*)((?[^:]*)[:]{1}(?\d*))]\s|\s(?.*)/m>, :backtrace=>["org/jruby/RubyRegexp.java:1434:in initialize'", "/home/elk/logstash-5.2.1/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.4/lib/grok-pure.rb:127:incompile'", "/home/elk/logstash-5.2.1/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:274:in register'", "org/jruby/RubyArray.java:1613:ineach'", "/home/elk/logstash-5.2.1/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:269:in register'", "org/jruby/RubyHash.java:1342:ineach'", "/home/elk/logstash-5.2.1/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:264:in register'", "/home/elk/logstash-5.2.1/logstash-core/lib/logstash/pipeline.rb:235:instart_workers'", "org/jruby/RubyArray.java:1613:in eachqiu'", "/home/elk/logstash-5.2.1/logstash-core/lib/logstash/pipeline.rb:235:instart_workers'", "/home/elk/logstash-5.2.1/logstash-core/lib/logstash/pipeline.rb:188:in run'", "/home/elk/logstash-5.2.1/logstash-core/lib/logstash/agent.rb:302:instart_pipeline'"]}
