Assistance required for Logstash filter with GROK

Hi,

I'm trying to filter the WebLogic log below using the Logstash grok filter.

[2015-02-24T19:17:31.238-05:00] [SOA1] [NOTIFICATION] []
[oracle.soa.b2b.engine] [tid: DaemonWorkThread: '4' of WorkManager:
'wm/SOAWorkManager'] [userId: ] [ecid:
d070755914343597:13c3dcbc:14bb6caf2c7:-8000-0000000000000006,1:30619] [APP:
soa-infra] BatchRepositorygetCountBatchNames : tid = 176 conn =
[weblogic.jdbc.wrapper.JTAConnection_weblogic_jdbc_wrapper_XAConnection_oracle_jdbc_driver_LogicalConnection-SOADataSource-140550,
oracle.jdbc.driver.LogicalConnection@1a08b2a3]
[2015-02-24T19:18:03.358-05:00] [SOA1] [NOTIFICATION] []
[oracle.soa.adapter] [tid: DaemonWorkThread: '16' of WorkManager:
'wm/SOAWorkManager'] [userId: <anony

I tried both of the ways below to get it to work, but only the
TIMESTAMP_ISO8601:timestamp pattern is working and the remaining ones are not.

input {
  stdin {
    type => "stdin-type"
  }
  file {
    type => "SOA1-diagnostic"
    path => [ ""]
  }
}

filter {
  multiline {
    type => "SOA1-diagnostic"
    pattern => "^[%{TIMESTAMP_ISO8601]"
    negate => true
    what => "previous"
  }
  grok {
    type => "SOA1-diagnostic"
    pattern => ["[%{TIMESTAMP_ISO8601:timestamp}]\s*[%{WORD:Managed_Server}]\s*%{GREEDYDATA:log_message}"]
    add_field => ["Log", "SOA1-diagnostic"]
  }
}

output {
  elasticsearch { host => }
}

input {
  stdin {
    type => "stdin-type"
  }
  file {
    type => "SOA1-diagnostic"
    path => [ "/mnt/orasoa2t/logs/soa2t_domain/SOA1-diagnostic.log"]
  }
}

filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:wls_timestamp} %{GREEDYDATA:log_message}" }
  }
}

output {
  elasticsearch { host => usncx135 }
}

Please assist me. Thanks in advance.

Regards,
Bharath

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/29067e5c-cddb-49e3-813c-c1dccfce48fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

On Wednesday, February 25, 2015 at 05:55 CET,
Bharath Paruchuri bharath.1930@gmail.com wrote:

> I'm trying to filter below weblogic log using Logstash filter GROK.

Please post Logstash questions to the logstash-users mailing list.

https://groups.google.com/forum/#!forum/logstash-users

[...]

> multiline {
> type => "SOA1-diagnostic"
> pattern => "^[%{TIMESTAMP_ISO8601]"

Couldn't help noticing that there's a } missing here.

[...]

--
Magnus Bäck | Software Engineer, Development Tools
magnus.back@sonymobile.com | Sony Mobile Communications
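
An added example, not written by either participant in this thread: a filter section for the log format quoted above, with the closing } restored and the literal square brackets escaped as \[ and \], because an unescaped [ opens a regular-expression character class in a grok pattern. The field names severity, message_id and component, the (?m) flag and the date filter are assumptions added for illustration.

```logstash
filter {
  # A new record starts with "[<ISO8601 timestamp>]"; any line that does not
  # start that way is appended to the previous event.
  multiline {
    pattern => "^\[%{TIMESTAMP_ISO8601}\]"
    negate  => true
    what    => "previous"
  }

  grok {
    # \[ and \] match the literal brackets around each header field.
    # DATA is non-greedy, so each capture stops at the next "]".
    # (?m) lets GREEDYDATA run across the newlines of a joined event.
    # severity, message_id and component are assumed field names.
    match => {
      "message" => "(?m)^\[%{TIMESTAMP_ISO8601:timestamp}\]\s*\[%{DATA:Managed_Server}\]\s*\[%{WORD:severity}\]\s*\[%{DATA:message_id}\]\s*\[%{DATA:component}\]\s*%{GREEDYDATA:log_message}"
    }
  }

  # Use the timestamp from the log line as the event time instead of the
  # time at which Logstash read the line.
  date {
    match => [ "timestamp", "ISO8601" ]
  }
}
```

Events that do not match the pattern are tagged _grokparsefailure by grok, which makes unparsed lines easy to find in Elasticsearch.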


Yes. That helped me. Thanks.
