Can we monitor IBM WebSphere event logs using Elasticsearch?


(Ashok Gandla) #1

Hi,

I want to monitor the near-real-time logs of IBM WebSphere.

How can we do this with Elasticsearch?


(Magnus Bäck) #2

Use Logstash to read and parse the logs and post them into Elasticsearch.


(Ashok Gandla) #3

Can we read real-time WebSphere logs using Logstash? I mean, how do we connect to the IBM server?
Can I have a sample Logstash conf file to connect to IBM?


(Magnus Bäck) #4

If WebSphere writes its logs to text files in the file system you can use Logstash and its standard plugins to read them (in real time). If WebSphere produces logs in some other format it will probably take more work.

Unless you can find something in the forum archives (or by general googling) you'll probably have to make up the Logstash yourself. We can help but we need additional details about the logs.

Since this is a Logstash question, please move it to the Logstash group.


(Mark Walkom) #5

Done.


(Ashok Gandla) #6

Logs are in text format only. How do we connect to IBM remote application servers using Logstash?
Is there any standard format?


(Ashok Gandla) #7

Do we need to purchase the Logstash Integration Toolkit to monitor IBM application server logs?


(Mark Walkom) #8

Why? Just point LS at the files and let it read them.


(Ashok Gandla) #9

First we need to connect to the servers, right?
Can I have a sample Logstash conf file, or any reference URL?


(Mark Walkom) #10

Take a look at https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html


(Ashok Gandla) #11

I didn't see any info in this about connecting to the server.
I am already able to load the static text log file using Kibana. But I want to monitor and analyze remote server logs.


(Mark Walkom) #12

Use the file input and then ship them via TCP or similar to another LS instance, then into ES.


(Ashok Gandla) #13

Logs are located in a specified path on a Unix server. So what do we need to give in the Logstash input?
First we need to connect to the server by giving credentials, then go to the specified path and grep for the string with a particular date.


(Christian Dahlqvist) #14

You will need to install an agent on each application server node that will read the local log files and send them to Logstash and Elasticsearch for further processing. Logstash itself can be used for this using the file input, but often a more lightweight shipper, e.g. Logstash-forwarder, is used instead.
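
The shipper-and-indexer layout described in replies #12 and #14, as an added example that is not part of the original thread. The log path, the host name, the port and the assumption that each WebSphere log entry starts with `[` are placeholders to adjust; option names follow current Logstash releases.

```logstash
# ---- shipper.conf: runs on each WebSphere application server node ----
input {
  file {
    # Assumed path; point this at the server's own SystemOut.log.
    path => "/opt/IBM/WebSphere/AppServer/profiles/*/logs/*/SystemOut.log"
    start_position => "beginning"
    # Assumption: each new entry starts with "[" (the timestamp). Any other
    # line, such as a Java stack trace line, is joined to the previous entry.
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
output {
  tcp {
    host => "logstash.example.internal"   # placeholder central Logstash host
    port => 5000                          # placeholder port
    codec => json_lines                   # one JSON event per line
  }
}

# ---- indexer.conf: runs on the central Logstash host ----
input {
  tcp {
    port => 5000                          # must match the shipper's port
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]    # placeholder Elasticsearch address
  }
}
```

Because the shipper reads the files locally and pushes events out, the central host holds no login credentials for the application servers. The tcp plugins send events unencrypted unless their TLS options are configured, so check the plugin documentation for your Logstash version before shipping logs across an untrusted network.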

