Clarification on logstash configuration

I am trying to install ELK stack 7.3.2 (Filebeat included). I have used the following Logstash conf., but the field name logappname is not found in Kibana. Am I missing something?

input {
  beats {
    port => "5044"
  }
}

# The filter part of this file is commented out to indicate that it is
# optional.
filter {
  grok {
    # Literal square brackets around the thread name must be escaped in a grok pattern.
    match => { "message" => "%{TIMESTAMP_ISO8601:logtimestamp} \[%{WORD:thread}\] %{LOGLEVEL:loglevel} %{GREEDYDATA:logmessage}" }
  }
  grok {
    match => { "path" => "%{GREEDYDATA:logappname}" }
  }
  date {
    match => ["logtimestamp", "ISO8601"]
    target => "@timestamp"
  }
  mutate {
    remove_field => ["logtimestamp"]
  }
}

output {
  #stdout { codec => rubydebug }
  elasticsearch { hosts => [ "localhost:9200" ] }
}

Can you provide some more context around the logappname value?

What data are you expecting to see in there? Is this the field that you are looking for?

Yes, and these are the path details configured in Filebeat:

    - type: log

      # Change to true to enable this input configuration.
      enabled: true

      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        #- /var/log/*.log
        #- c:\programdata\elasticsearch\logs\*
        - C:\Data\Logs\*

and the log names under this folder are like TaskGenerator_20190915.1.log,
and I need to have the value "TaskGenerator" for logappname.
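
An added example, not part of the original thread: a Logstash filter that derives logappname from the file path Filebeat 7.x reports. It assumes the path arrives in `[log][file][path]` (Filebeat 7 does not send a top-level `path` field), that file names follow the `TaskGenerator_20190915.1.log` shape given above, and that `config.support_escapes` is left at its default of false. The two tag names are constructed for illustration.

```logstash
filter {
  # Filebeat 7.x ships the source file name in [log][file][path];
  # the beats input does not create a top-level "path" field.
  if [log][file][path] {
    grok {
      # Take the last path component (after "\" or "/") and capture everything
      # before the _YYYYMMDD.N.log suffix, for example:
      #   C:\Data\Logs\TaskGenerator_20190915.1.log -> logappname = "TaskGenerator"
      # The lazy quantifier keeps underscores inside an application name intact.
      match => {
        "[log][file][path]" => "(?:^|[\\/])(?<logappname>[^\\/]+?)_\d{8}\.\d+\.log$"
      }
      # Constructed tag name: makes files that do not follow the naming
      # convention easy to find in Kibana instead of silently lacking the field.
      tag_on_failure => ["_appname_parse_failure"]
    }
  } else {
    # Constructed tag name: event did not carry a Filebeat source path at all.
    mutate { add_tag => ["_no_source_path"] }
  }
}
```

Enabling the commented-out `stdout { codec => rubydebug }` output while testing shows the exact field names Filebeat sends, which is the quickest way to confirm where the path lives.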
