Begin LogStash

Hi All,

I'm starting with Logstash, and studying on my own.
I was trying to make a simple filter to display in Kibana, for example, the number of requests that an Apache receives. I set up two test Apaches to show the number of requests they are receiving in a graph, but I cannot make a filter that arrives at that counter.
Would you have something to tell me?

with make this setting?

What do your logs look like? What does your Logstash configuration look like? Are you seeing anything in Kibana right now? If so, what does it look like?

Have a look at this practical introduction to Logstash, which explains how to use grok and get data into Elasticsearch.

Records:
172.59.12.211 - - [30/Ago/2018:10:05:41 -0300] "POST /lms HTTP/1.1" 200 435
Setup:
input {
  file {
    path => "/var/log/weblogic/producao/lms01/access.log"
    type => "weblogic-access-lms01"
    start_position => "beginning"
  }
}
filter {
  # Only parse events that came from this access log
  if [type] == "weblogic-access-lms01" {
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
      add_field => { "server_log" => "%{type}" }
    }
    # Use the timestamp extracted by grok as the event time
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}
output {
  elasticsearch { hosts => "localhost:9800" }
}

In Kibana it shows, but I would like to see in Kibana a graph of the number of connections (requests) to this Apache.

Christian, I looked at this, but I could not build an expression to get the number of connections that this Apache receives.

In Kibana it shows, but I would like to see in Kibana a graph of the number of connections (requests) to this Apache.

The default Discover view shows a histogram of events per unit of time so that sounds like what you want. You just need to filter out any events that aren't HTTP from this particular server. How that can be done depends on what your events look like. That's why I asked for that last time.

OK, thanks for your help. I will try to change the filter and find information.

Hi again

I need help here now.

Problem extracting the date; I tried some examples and get the same error.

The timestamp pattern does not have a closing brace. Start from the beginning and build out from there step by step. That is the easiest way to catch mistakes.

I'm running step by step, field by field, from start to finish.

This way it works: %{IP:client_adress}%{SPACE} -%{SPACE} -%{GREEDYDATA:remainder}
The next step is to add the HTTP date.

%{IP:client_adress}%{SPACE} -%{SPACE} - \[%{HTTPDATE:timestamp} ]%{GREEDYDATA:remainder}.

But I tried in different ways and none of them worked.
So I am asking if there is any way to get the date as I need it.
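
The step-by-step approach recommended in this thread, as an added example that is not part of the original posts: a pattern is grown one stage at a time against the record posted above, and the first stage that stops matching is reported. The regexes are simplified stand-ins for the grok patterns (assumptions, not grok's own definitions; the month list assumes English abbreviations), and the function names and the Aug record are constructed for illustration.

```python
import re

# Simplified regex stand-ins for the grok patterns named in the thread.
# Assumptions for illustration, not grok's own definitions; the month
# list assumes English abbreviations.
GROK = {
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "SPACE": r"\s*",
    "HTTPDATE": r"\d{2}/(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
                r"/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "GREEDYDATA": r".*",
}

# Pattern stages modelled on the posts above, added one at a time.
STAGES = [
    r"%{IP:client_adress}",
    r"%{SPACE}-%{SPACE}-%{SPACE}",
    r"\[%{HTTPDATE:timestamp}\]",
    r"%{GREEDYDATA:remainder}",
]

PAGE_RECORD = '172.59.12.211 - - [30/Ago/2018:10:05:41 -0300] "POST /lms HTTP/1.1" 200 435'
# Constructed variant of the same record with an English month abbreviation.
AUG_RECORD = PAGE_RECORD.replace("/Ago/", "/Aug/")


def compile_grok(expr):
    """Expand %{NAME} and %{NAME:field} references into an anchored regex."""
    if expr.count("%{") != expr.count("}"):
        raise ValueError("unbalanced %{...} reference in: " + expr)

    def expand(m):
        name, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK[name]})" if field else f"(?:{GROK[name]})"

    return re.compile("^" + re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, expr))


def first_failing_stage(line, stages=STAGES):
    """Return (index, stage) of the first stage that breaks the match,
    or None when the whole pattern matches the line."""
    pattern = ""
    for index, stage in enumerate(stages):
        pattern += stage
        if compile_grok(pattern).match(line) is None:
            return index, stage
    return None


if __name__ == "__main__":
    for record in (PAGE_RECORD, AUG_RECORD):
        print(record[:40], "->", first_failing_stage(record))
```

Under these assumptions the record from the thread stops matching at the HTTPDATE stage, the constructed Aug variant matches in full, and a reference missing its closing brace is rejected before any matching is attempted.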

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.