Updated at: 2022-12-09 03:49:50
1. Click Data Management > Object Management > Parsing Rule > + New to create New parsing rule, as follows:
• Rule Name: Fill in the Rule Name, which must be globally unique.
• Filtering Condition: Add filtering condition by Saved Field or Customization to filter. The Filtering Condition can make the rules bound to the logs in the system and perform parsing field extraction;
• Saved Field:
Field configuration includes: type, tags and arPort. Matched log filtering is achieved by setting field values, which are the values of the corresponding selected fields in all aggregated logs of the current system. You can add multiple field values and achieve log filtering by logical action (AND/OR), as follows:
• Customization:
You can enter any Field Name and Field Value, with two methods to match between Field Name and Field Value: "==" and "=~". The =~ means the field is defined by regular matching, and click Add to finish adding the filter condition.
2. After completing the filter condition setting, click Search Log to view the log search results for all matched fields and time filter condition in the log list, and click the TimePicker to switch the search time range, as follows:
3. Select the log sample in the log list, hover over the log entry to display Selected as a Sample Log, and click the selected log to add it to the log sample edit box, as follows:
4. In the Details column, select the Content to Parse: Original Log, as follows:
5. Select the Parsing Method and the Precondition of Original Log in drop-down menu. There are 7 parsing methods for Original Log: Grok Parsing, JSON Parsing, XML Parsing, Keyword Extraction, Syslog_pri Parsing, KeyValue Parsing, and Desensitization, as follows:
_15.png)
Note: For details of the various parsing methods, please refer to the section Log Parsing Method .
The following is to choose the Grok Parsing method to parse the Apache Error log. Select the parsing method and click Verify, you can view the log sample parsed result on the right side, as follows:
6. At the top of the log list, click Apply Parsing Rule and the above configured parsing rule will be applied to all logs and report back the parsing status as follows:
7. Click
to filter the failed parsing logs and use them as samples to add additional parsing method and optimize the parsing rule to improve the matching of parsing rule;
8. After adjusting the parse rule, click OK to save the parse rule.
• Rule Name: Fill in the Rule Name, which must be globally unique.
• Filtering Condition: Add filtering condition by Saved Field or Customization to filter. The Filtering Condition can make the rules bound to the logs in the system and perform parsing field extraction;
• Saved Field:
Field configuration includes: type, tags and arPort. Matched log filtering is achieved by setting field values, which are the values of the corresponding selected fields in all aggregated logs of the current system. You can add multiple field values and achieve log filtering by logical action (AND/OR), as follows:
• Customization:
You can enter any Field Name and Field Value, with two methods to match between Field Name and Field Value: "==" and "=~". The =~ means the field is defined by regular matching, and click Add to finish adding the filter condition.
2. After completing the filter condition setting, click Search Log to view the log search results for all matched fields and time filter condition in the log list, and click the TimePicker to switch the search time range, as follows:
3. Select the log sample in the log list, hover over the log entry to display Selected as a Sample Log, and click the selected log to add it to the log sample edit box, as follows:
4. In the Details column, select the Content to Parse: Original Log, as follows:
5. Select the Parsing Method and the Precondition of Original Log in drop-down menu. There are 7 parsing methods for Original Log: Grok Parsing, JSON Parsing, XML Parsing, Keyword Extraction, Syslog_pri Parsing, KeyValue Parsing, and Desensitization, as follows:
Note: For details of the various parsing methods, please refer to the section Log Parsing Method .The following is to choose the Grok Parsing method to parse the Apache Error log. Select the parsing method and click Verify, you can view the log sample parsed result on the right side, as follows:
6. At the top of the log list, click Apply Parsing Rule and the above configured parsing rule will be applied to all logs and report back the parsing status as follows:
7. Click
to filter the failed parsing logs and use them as samples to add additional parsing method and optimize the parsing rule to improve the matching of parsing rule;8. After adjusting the parse rule, click OK to save the parse rule.
< Previous:
Next: >