Log4j - how to tokenize logs like Elastic Search and group by values, filter and visualize them?
Question
When you know the logging format/pattern, is there a way to visualize/classify/filter logs with a certain thread name/client id/... without using Elastic Search? I want to show, for example, "this thread has these lines, ordered by timestamp, with these keywords". I don't want to manually search by thread names anymore.
I can manually `grep`, of course, but I want to visualize them in a better way. I can search them if I know the thread names, but I want to show all of the thread names without knowing them previously.
Also, ES marks session boundaries, but `grep` does not. You can see that a session/request is different from another, because the session id has changed. A thread can undertake several sessions in a period of time.
I have only seen that in ES for now. I think it can be called a log tokenizer and classifier tool, but towards static log files which haven't been fed into ES.
Now, I am trying to do this in Excel: adding `;` between tags, parsing them into columns, and classifying/filtering. In the screenshot, thread names are filtered to be one. But I found it very hard to do if logs are too many, because separating by space is not good; I need to manually add `;` or another unique separator.
Answer 1
Score: 0
Log4j2 has a companion project to visualize logs: Chainsaw. It does not have a lot of features, but it might be enough for your needs.
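A script-based alternative for static files, given as an added example that is not part of the original question or answer: it tokenizes each line with a regex derived from the known pattern, discovers thread names without knowing them in advance, orders each thread's lines by timestamp, and starts a new session group whenever the session id changes. The layout string, the `sid=` message convention, and the names `parse` and `by_thread` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (not from the post): "%d{yyyy-MM-dd HH:mm:ss,SSS} [%t] %-5p %c - %m",
# with the session id carried in the message as "sid=<id>" (also an assumption).
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>[^\]]+)\] (?P<level>\w+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)
SID = re.compile(r"\bsid=(\w+)")

# Constructed sample log; threads interleave and one event has a stack-trace line.
SAMPLE = """\
2024-01-05 10:00:01,120 [http-1] INFO  app.Auth - sid=A1 login ok
2024-01-05 10:00:01,050 [http-2] INFO  app.Auth - sid=B7 login ok
2024-01-05 10:00:02,300 [http-1] ERROR app.Db - sid=A1 query failed
java.sql.SQLException: timeout
2024-01-05 10:00:03,010 [http-1] INFO  app.Auth - sid=C3 login ok
2024-01-05 10:00:03,500 [http-2] WARN  app.Db - sid=B7 slow query
"""

def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            sid = SID.search(ev["msg"])
            ev["sid"] = sid.group(1) if sid else None
            events.append(ev)
        elif events:  # unmatched line (e.g. stack trace): attach to previous event
            events[-1]["msg"] += "\n" + line
    return events

def by_thread(events, keyword=None):
    """Group by thread, sort by timestamp, split each thread's lines into sessions."""
    threads = defaultdict(list)
    for ev in events:
        if keyword is None or keyword in ev["msg"]:
            threads[ev["thread"]].append(ev)
    out = {}
    for name, evs in threads.items():
        evs.sort(key=lambda e: e["ts"])  # fixed-width timestamps sort lexically
        sessions = out[name] = []
        for ev in evs:
            if not sessions or sessions[-1][0]["sid"] != ev["sid"]:
                sessions.append([])  # session id changed: new boundary
            sessions[-1].append(ev)
    return out
```

`by_thread(parse(text))` returns a dict mapping each thread name to a list of sessions, each session being a list of tokenized events; pass `keyword=` to keep only lines containing that string.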