Best Practice for different log files with multi line Grok patterns

Mohsen_Sabbaghi · February 27, 2017, 1:33pm

Hi and Respect to all the ELK Gigs !

scenario :
i have several log files (my app logs, application server logs and...) that each of them contains several different of log patterns in their lines.
i'm new in ES and i just want to know what is the best practice for my scenario! to collect and parse them ?
should i parse them only by using one block of multi line Grok pattern ? or use multi Grok pattern block for each individual file ?
is it necessary to make different elastic nodes for each log file ?

thanks for your help
tags: #elasticsearch #logstash #grok #multiline_grok #ELK

magnusbaeck · February 28, 2017, 2:29pm

I don't think there's a single best practice here. There are several valid ways of doing it and the best solution depends on the context.

is it necessary to make different elastic nodes for each log file ?

No, absolutely not.

system · March 28, 2017, 2:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple logstash config files Logstash	4	1971	June 1, 2018
Poorly structured log file Logstash	2	553	July 6, 2017
How do I create a filter for a custom app log with different lines? Logstash	10	1408	July 6, 2017
Matching multiple logs to differnt patterns Logstash	4	766	July 24, 2017
Create multiple groks for different logs Logstash	5	459	May 10, 2018

Best Practice for different log files with multi line Grok patterns

Related topics