Need help for multiline hyperic tomcat wrapper logs with datestamp on each line of the exception


(Richin Kansal) #1

Request:

Need help with multiline Hyperic Tomcat wrapper logs that have a datestamp on each line of the exception.
We have developed the grok filters below for single-line wrapper logs, but we are unable to convert them to multiline, as every log line starts with a timestamp, unlike regular Tomcat logs. Any help is highly appreciated.

Grok Filters Developed so far for single line:

JVMNAME %{WORD:jvm} %{INT:number}

WRAPPER_DATESTAMP 20%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND})

GREEDYDATA .*

WRAPPERLOG %{LOGLEVEL:level} +\| +%{JVMNAME:jvmname} +\| +%{WRAPPER_DATESTAMP:timestamp} +\| +%{GREEDYDATA:logmessage}

Multiline Wrapper Log Message Format:

INFO | jvm 1 | 2015/09/23 08:07:20 | ActionConfig[cancellable=false,path=/sessionAuditTrail,validate=false,input=/sessionAuditTrail.do,name=sessionAuditTrailForm,scope=request,type=com.example.test.actions.ExampleDelegationtestAction
INFO | jvm 1 | 2015/09/23 08:09:44 | ActionConfig[cancellable=false,path=/FleetAvailability,validate=true,scope=session,type=com.example.test.actions.ExampleDelegationtestAction
INFO | jvm 1 | 2015/09/23 08:09:44 | - This action exception intercepted by Spring ExceptionInterceptor
INFO | jvm 1 | 2015/09/23 08:09:44 | java.lang.NumberFormatException: null
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.Long.parseLong(Long.java:375)
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.Long.valueOf(Long.java:525)
INFO | jvm 1 | 2015/09/23 08:09:44 | at com.example.test.actions.FleetAvailabilityAction.execute(FleetAvailabilityAction.java:147)
INFO | jvm 1 | 2015/09/23 08:09:44 | at sun.reflect.GeneratedMethodAccessor921.invoke(Unknown Source)
INFO | jvm 1 | 2015/09/23 08:09:44 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.reflect.Method.invoke(Method.java:597)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:51)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invoke(ThrowsAdviceInterceptor.java:124)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
INFO | jvm 1 | 2015/09/23 08:09:44 | at $Proxy164.execute(Unknown Source)
INFO | jvm 1 | 2015/09/23 08:09:44 | at sun.reflect.GeneratedMethodAccessor921.invoke(Unknown Source)
INFO | jvm 1 | 2015/09/23 08:09:44 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.reflect.Method.invoke(Method.java:597)
INFO | jvm 1 | 2015/09/23 08:09:44 | at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)


(Mark Walkom) #2

You may want to look at the aggregate filter, you can probably just agg on the timestamp and join things.


(Magnus Bäck) #3

If all lines begin in the same way, how can you tell if a line is a continuation of the previous?
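
One way to answer that question for this format, as an added example that is not part of any post in the thread: since every line carries the same prefix, the continuation test has to look at the message part after the last `|`. The `CONTINUATION` heuristic (Java stack-trace frames, `Caused by:`, `... N more`), the `fold` function and the trailing "Server startup" line are assumptions made for illustration.

```python
import re

# Mirrors the poster's WRAPPERLOG pattern: level | jvm N | timestamp | message
LINE = re.compile(
    r"^(?P<level>\w+) *\| *(?P<jvm>\w+ \d+) *\| *"
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) *\| ?(?P<msg>.*)$"
)
# Assumption: a continuation is a Java stack-trace line in the message part.
CONTINUATION = re.compile(r"^\s*(at [\w$.<>]+\(|Caused by:|\.\.\. \d+ more)")

def fold(lines):
    """Group wrapper lines into events; each event keeps the level, jvm and
    timestamp of its first line and a list of message lines."""
    events = []
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if m is None:
            continue  # not a wrapper line; a real pipeline would tag it instead
        rec = m.groupdict()
        last = events[-1] if events else None
        # Fold only when the payload looks like a trace line from the same JVM.
        if last and CONTINUATION.match(rec["msg"]) and last["jvm"] == rec["jvm"]:
            last["msg"].append(rec["msg"].strip())
        else:
            rec["msg"] = [rec["msg"].strip()]
            events.append(rec)
    return events

# Constructed sample: shortened from the log lines in the question, plus one
# invented trailing line to show where the exception event ends.
SAMPLE = """\
INFO | jvm 1 | 2015/09/23 08:09:44 | - This action exception intercepted by Spring ExceptionInterceptor
INFO | jvm 1 | 2015/09/23 08:09:44 | java.lang.NumberFormatException: null
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.Long.parseLong(Long.java:375)
INFO | jvm 1 | 2015/09/23 08:09:44 | at java.lang.Long.valueOf(Long.java:525)
INFO | jvm 1 | 2015/09/23 08:09:44 | at $Proxy164.execute(Unknown Source)
INFO | jvm 1 | 2015/09/23 08:09:45 | Server startup in 1234 ms
""".splitlines()

if __name__ == "__main__":
    for ev in fold(SAMPLE):
        print(ev["ts"], ev["level"], "\n    ".join(ev["msg"]))
```

The same message-based test can be expressed as the pattern of a Logstash multiline stage; the per-line prefixes then still need stripping from the joined event.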

