FileBeat系列:multiline的pattern negate match使用方法
Java Stack
Exception后面行都是以空白开始的。
Exception in thread "main" java.lang.NullPointerException
at com.example.myproject.Book.getTitle(Book.java:16)
at com.example.myproject.Author.getBookTitles(Author.java:25)
at com.example.myproject.Bootstrap.main(Bootstrap.java:14)
multiline.pattern: '^[[:space:]]' multiline.negate: false multiline.match: after
空白开始或者...或者Caused by开始的都为一段
Exception in thread "main" java.lang.IllegalStateException: A book has a null property
at com.example.myproject.Author.getBookIds(Author.java:38)
at com.example.myproject.Bootstrap.main(Bootstrap.java:14)
Caused by: java.lang.NullPointerException
at com.example.myproject.Book.getId(Book.java:22)
at com.example.myproject.Author.getBookIds(Author.java:35)
... 1 more
multiline.pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
multiline.negate: false
multiline.match: after
断行
printf ("%10.10ld \t %10.10ld \t %s\
%f", w, x, y, z );
multiline.pattern: '\\$' multiline.negate: false multiline.match: before
时间戳
[2015-08-24 11:49:14,389][INFO ][env ] [Letha] using [1] data paths, mounts [[/ (/dev/disk1)]], net usable_space [34.5gb], net total_space [118.9gb], types [hfs]
multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
应用日志
[2015-08-24 11:49:14,389] Start new event [2015-08-24 11:49:14,395] Content of processing something [2015-08-24 11:49:14,399] End event
multiline.pattern: 'Start new event' multiline.negate: true multiline.match: after multiline.flush_pattern: 'End event'
总结
pattern:正则表达式 https://www.elastic.co/guide/en/beats/filebeat/7.x/regexp-support.html
negate:正则表达式是否正向生效 true:符合正则表达式的为一个基准行。 false:不符合表达式的为一个基准行。
match:基准行和后面after或前面before划分为一组