I am interested in two types of lines in log file as shown below.
What options will be most effective?
20151020 00:08:00 0 0 0 0 0 0 0 100 0 0 0 1615 855 1 1056 0 0.95 1.09 1.06 1 0 264688028 27462076 237225952 0 1023504 20036052 1291728 133592 2254752 3515924 16 12386284 0 12386284 0 0 592 0 0 12201908 0 37 688 0 0 0 0 103788 816
20151020 00:10:00 1 root 20 0 0 S 25728 0 1600 336 136 140 2512 1 0.00 0.00 0 0:00:18 0 0 52 0 10 1 0 0 0 /sbin/init
Thanks in advance.
A conditional statement? What would that look like?
If you're using a grok filter you can list two expressions and it'll match either one, but you can use a conditional too, e.g. something similar to this (which matches the first kind of message):
if [message] =~ /^\d{8} \d\d:\d\d:\d\d \d \d/ {
...
} else {
...
}
You might want to tighten the expression to be more exact but the idea is there.
great thanks
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.