Last active
April 17, 2019 07:58
-
-
Save mudge/5047696 to your computer and use it in GitHub Desktop.
A grok pattern for Rails 3.2 logs for use with logstash. Assumes that you have a multiline filter to combine Rails logs into one line and only one worker is logging to a file (c.f. https://gist.github.com/mudge/5063930).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| multiline { | |
| tags => ["rails"] | |
| pattern => "^Started" | |
| negate => true | |
| what => "previous" | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RAILS3 (?m)Started %{WORD:verb} "%{URIPATHPARAM:request}" for %{IPORHOST:clientip} at (?<timestamp>%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second} %{ISO8601_TIMEZONE:timezone})\s*Processing by (?<controller>[^#]+)#(?<action>\w+) as (?<format>\S+)(?:\n Parameters: %{DATA:params}\n)?%{DATA}Completed %{NUMBER:response}%{DATA} in %{NUMBER:totalms}ms \(Views: %{NUMBER:viewms}ms \| ActiveRecord: %{NUMBER:activerecordms}ms%{GREEDYDATA} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here's a derivative version that I made, which uses Filebeat to combine multiline messages instead of Logstash (so LS groks the multiline message). Tested with :uuid enabled on Unicorn and Thin, with Rails 3.
https://gist.github.com/excalq/0c5023fce8af90089040daa6404525f2