Cannot parse jboss server log

Elastic Stack Logstash
1

Hi,

I'm newbie on logstash, I've successfully installed and configured ElasticSearch, LogStash and Kibana as well as my first input using the Remote Log4J connector.

But now I'm trying to parse the server.log file with no success. This is my latest config file:

input {
   #log4j {
   #    mode => "server"
   #    host => "localhost"
   #    port => 4712
   #  }

    file {
        path => "/home/dlopez/server.log"
        start_position => "beginning"
        }
   }


   output {
     elasticsearch {
      hosts => "localhost:9200"
      index => "logstash-%{+YYYY.MM.dd}"
    }
  }

Anybody can help me,please? I just only need to send the whole file to Elastic and let Kibana do the rest.
Thank you very much in advanced.

Best regards

2

Finally I got it working,
now I'm trying to use a grok filter. I've tested the filter using the Grok Debugger but when restarting logstash, nothing is parsed.

Here is my logstash.conf file:

input {
  file {
        path => "/home/dlopez/server.log"
        start_position => "beginning"
       }
}

filter {
   grok {
     match =>
        {
          "message" => "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:level}\s+\[%{DATA:className}\]%{SPACE}%{GREEDYDATA:message}"
        }
   }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

Any help would be appreciated. Thanks

Regards

3

Logstash is probably tailing the input file and waiting for more lines to be added to it. Either delete the sincedb file or set sincedb_path to /dev/null. Also, if the file is older than a day you need to adjust the file input's ignore_older option.

4

Thank you very much! it works now!