_grokparsefailure in Logstash?


(Yaswanth ) #1

Hi,
ES 2.4.0
Logstash 5.1.1

I have a config file like this:

input {
  file {
    path => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log"
    start_position => "beginning"
  }
}

filter {
  grok { # parses the common bits
    match => [ "message", "[%{URIHOST}:%{ISO8601_SECOND}][%{LOGLEVEL:LEVEL}%{SPACE}][%{DATA:QUERY}]%{SPACE}[%{DATA:QUERY1}]%{SPACE}[%{DATA:INDEX-NAME}]%{SPACE}took[%{DATA:TOOK}],%{SPACE}took_millis[%{DATA:TOOKM}], types[%{DATA:types}], stats[%{DATA:stats}], search_type[%{DATA:search_type}], total_shards[%{NUMBER:total_shards}], source[%{DATA:source_query}],extra_source[%{DATA:extra_source}]," ]
  }
}

output
{
  stdout { codec => rubydebug }
}

This is used to get the slowlogs from Elasticsearch. When I am executing this, I am getting output like this:
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.540Z,
"@version" => "1",
"host" => "yaswanth",
"message" => "[2016-12-28T15:53:21,341][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][0] took[184.7micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.870Z,
"@version" => "1",
"host" => "yaswanth",
"message" => " "ext" : { }",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.871Z,
"@version" => "1",
"host" => "yaswanth",
"message" => "}], \r",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.875Z,
"@version" => "1",
"host" => "yaswanth",
"message" => "[2016-12-28T15:53:21,342][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][4] took[84.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.876Z,
"@version" => "1",
"host" => "yaswanth",
"message" => " "ext" : { }",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.877Z,
"@version" => "1",
"host" => "yaswanth",
"message" => "}], \r",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.877Z,
"@version" => "1",
"host" => "yaswanth",
"message" => "[2016-12-28T15:53:21,342][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][1] took[488.9micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{",
"tags" => [
[0] "_grokparsefailure"
]
}
{
"path" => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log",
"@timestamp" => 2017-01-13T04:25:28.879Z,
"@version" => "1",
"host" => "yaswanth",
"message" => " "ext" : { }",
"tags" => [
[0] "_grokparsefailure"
]

But what I want is everything in the message, in a format like this:

"message" =>"[2016-12-28T15:53:21,341][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][0] took[184.7micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{
"ext" : { }
}], "

My slowlog is in the format:

[2016-12-28T15:53:21,341][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][0] took[184.7micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{
"ext" : { }
}],
[2016-12-28T15:53:21,342][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][4] took[84.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{
"ext" : { }
}],

Can anyone help me with how to do this?
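
One way to get each slowlog entry into a single event, as an added example that is not part of the original post: the multiline codec appends every line that does not start with a bracketed timestamp to the previous line, and the grok pattern escapes the literal brackets and lets `source[...]` span line breaks. The field names are chosen for illustration, and the pattern assumes the entry layout shown in the sample above (which has no `extra_source[...]` part).

```conf
input {
  file {
    path => "F:\logstash-5.1.1\logstash-5.1.1\bin\slowlog.log"
    start_position => "beginning"
    codec => multiline {
      # A new entry starts with "[<ISO8601 timestamp>]"; any other line
      # ("ext" : { } and }],) is a continuation of the entry before it.
      pattern => "^\[%{TIMESTAMP_ISO8601}\]"
      negate => true
      what => "previous"
      # Emit the last buffered entry after 2 s without new lines,
      # otherwise it waits until the next entry is written to the file.
      auto_flush_interval => 2
    }
  }
}

filter {
  grok {
    # \[ and \] match the literal brackets; unescaped, [...] is a regex
    # character class and the pattern never matches (_grokparsefailure).
    # (?m) lets GREEDYDATA cross the newlines inside source[...].
    match => { "message" => "(?m)^\[%{TIMESTAMP_ISO8601:log_time}\]\[%{LOGLEVEL:level}%{SPACE}\]\[%{DATA:logger}\]%{SPACE}\[%{DATA:node}\]%{SPACE}\[%{DATA:index_name}\]\[%{NUMBER:shard}\]%{SPACE}took\[%{DATA:took}\],%{SPACE}took_millis\[%{NUMBER:took_millis}\],%{SPACE}types\[%{DATA:types}\],%{SPACE}stats\[%{DATA:stats}\],%{SPACE}search_type\[%{DATA:search_type}\],%{SPACE}total_shards\[%{NUMBER:total_shards}\],%{SPACE}source\[%{GREEDYDATA:source_query}\]," }
  }
}

output {
  stdout { codec => rubydebug }
}
```

Events that still carry the `_grokparsefailure` tag after this change are entries whose layout differs from the sample, which makes the tag a useful signal to alert on rather than silently drop.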

