forked from stoerr/GrokConstructor
-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathLog4jsupport.txt
47 lines (41 loc) · 2.23 KB
/
Log4jsupport.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
- !!! Log4j Conversion pattern to grok regex converter
(perhaps later also logback: http://logback.qos.ch/manual/layouts.html - quite different! ,
java.util.logging http://docs.oracle.com/javase/7/docs/api/java/util/logging/SimpleFormatter.html - also quite different)
https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html
% format_modifiers conversion_caracter
%c -> category : %{JAVACLASS:logger} (JAVACLASS does not work when abbreviated since it requires a package name)
%C -> classname : %{JAVACLASS:logger} (JAVACLASS does not work when abbreviated since it requires a package name)
%d ->
%d{HH:mm:ss,SSS} or %d{dd MMM yyyy HH:mm:ss,SSS}, kein specifier -> iso8601
%d{ISO8601} %d{ABSOLUTE} %{DATE}
ABSOLUTE = "HH:mm:ss,SSS" , DATE = "dd MMM yyyy HH:mm:ss,SSS" , ISO8601 = "yyyy-MM-dd HH:mm:ss,SSS"
Bsp: \A%{TIMESTAMP_ISO8601:timestamp}
(%F -> filename)
(%l -> location : usually consists of the fully qualified name of the calling method followed by the callers source the file name and line number between parentheses.)
(%L-> linenumber)
%m -> message : %{DATA:message} or %{GREEDYDATA:message}"
(%M -> methodname)
%n -> line separator "\n" oder "\r\n"
%p -> loglevel / priority : %{LOGLEVEL:loglevel}
%r -> relativeTime (number of milliseconds elapsed from the construction of the layout until the creation of the logging event.)
%t -> thread name : %{NOTSPACE:thread}
%x NDC
$X{key} -> key (from MDC)
%% -> percent sign
format_modifiers = [left_justification_flag][minimum_field_width][.][maximum_field_width]
left_justification_flag = - for left justification (pad on the right) , not present -> right justification (pad on the left)
Bsp: %20c, %-20c , %.30c, %20.30c, %-20.30c
%(?:(-)?(\d+))?(?:\.(\d+))?[a-zA-Z]
http://www.regexplanet.com/advanced/java/index.html !
date {
type => "log4j"
match => ["timestamp", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS"]
}
ConversionPatterns:
%d{dd.MM.yyyy HH:mm:ss},%m%n
%-4r [%t] %-5p %c %x - %m%n
%d{yyyyMMddHHmmss};%X{host};COMMONS;(%13F:%L);%X{sid};%X{rid};%-5p;%m%n
[cc]%d{MMM-dd HH:mm:ss} %-14.14c{1}- %m%n
%d{ABSOLUTE} | %-5p | %-10t | %-24.24c{1} | %-30.30C %4L | %m%n
%d{dd.MM.yyyy HH:mm:ss,SSS} - %r [%-5p] %c %m%n
%d{yyyy-MM-dd HH:mm:ss} %-5.5p [%-30c{1}] %-32X{sessionId} %X{requestId} - %m\n