Sublime Forum

How do I highlight certain words or texts or numbers in sublime-text highlighted log viewer

#1

I have a logstash log, something like that

(host_interface_name":“rfo7”,“log_category”:“ibs”,“stream”:87,“gl2_source_collector”:“53sdsds8f8f-8af2-97d6-040eret46cebc28e”,“log_subcategory”:“stesta”,"@timestamp":“2012-02-01T20:44:58.459Z”,“fl2_source_input”:“5e985726fgfgb6e9118ef4ae9”,“src_ip_type”:“private”,“src_MACAddress_correlation”:false,“alert_id”:2031234600,“file”:"/var/log/remote/logstash/ids.log" )

I would like to highlight certain words: like ( source, input, false, log, ids, )

and every time I paste a new log, I always get these words/numbers, are highlighted in order to save the analyzing time, Anyone can help me with that, please?

0 Likes
#2

I’m not sure if I understand your question correctly, please correct me if I’m wrong – are you asking how to write a syntax definition for a log file? If so, then this: http://www.sublimetext.com/docs/syntax.html will be a useful resource. You can also see how are ST built-in syntax definitions written (i.e. View package file > Git Log.sublime-syntax).

0 Likes
#3

Thank you very much for your reply,

I would like to use sublime to find these words, in every log, I paste in sublime. (by highlighting these words with different colors )
I hope it is more clear now

0 Likes
#4

If you are talking about syntax highlighting these so called logstash logs, something like

image
image.png1172×405 30.6 KB

Here’s a starter basic syntax definition I came up in like 5 minutes. I don’t know the exact syntax so you’ll have to refine and use it :slight_smile:

%YAML 1.2
---
file_extensions:
  - logstash
scope: source.logstash
version: 2

contexts:
  main:
    - include: log_body

  log_body:
    - match: \(
      scope: punctuation.section.block.begin.logstash
      push: log_body_end

  log_body_end:
    - meta_scope: meta.block.logstash
    - match: \)
      scope: punctuation.section.block.begin.logstash
      pop: 1
    - include: string
    - include: other_stuff
    - match: '[:,]'
      scope: punctuation.separator.logstash

  string:
    - match: \"
      scope: punctuation.definition.string.begin.logstash
      push: string_body

  string_body:
    - meta_scope: meta.string.logstash string.quoted.double.logstash
    - match: \"
      scope: punctuation.definition.string.end.logstash
      pop: 1

  other_stuff:
    - match: \d+
      scope: meta.number.integer.decimal.logstash constant.numeric.value.logstash

    - match: \bfalse\b
      scope: constant.language.boolean.logstash
1 Like