2017-05-15 12:06:17 INFO me.cinyi.imapp.push.commons.iospush - 用户ID[1000]-标识[11500], admin推送通知成功, messages:[6921]ms
input { stdin{} } filter { grok{ #match => {"message" => "%{WORD:method}"} #match => {"message" => "(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{WORD:method} %{GREEDYDATA:pushios} %{NUMBER:costs} \[${WORD:ms}"} match => {"message" => "(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{WORD:method} %{GREEDYDATA:pushios} %{WORD:method}\:\[%{NUMBER:costes}\]%{WORD:sencode}"} } } output { stdout{ codec => rubydebug } }
原文:http://www.cnblogs.com/fengjian2016/p/6874417.html