Configuration issue Logstash or Kibana

I have a log format like this, but I am not sure whether I have to configure Filebeat or Logstash to get the lines after the message (the log's numbers) into the same log. Can you help me do this?

I have given 2 sample logs.

I, [2020-05-06T19:01:54.156085 #2714] INFO -- : amazonaccount: 5d817aefb5e24777d400422c. submit_feed feed_content: sku price minimum-seller-allowed-price maximum-seller-allowed-price quantity leadtime-to-ship fulfillment-channel
15893 30
24636 242
3214509 228
6003169 247

I, [2020-05-08T11:01:57.467075 #31370] INFO -- : amazonaccount: 5d817aefb5e24777d400422c. submit_feed feed_content: sku price minimum-seller-allowed-price maximum-seller-allowed-price quantity leadtime-to-ship fulfillment-channel
2421782 x1 74
41141 X 12 20
6294946 0
7011638 93
85001 52

When I check Kibana, it's showing:

I, [2020-05-06T19:01:54.156085 #2714] INFO -- : amazonaccount: 5d817asawas24777dw400422c. submit_feed feed_content: sku price minimum-seller-allowed-price maximum-seller-allowed-price quantity leadtime-to-ship fulfillment-channel

I, [2020-05-08T11:01:57.467075 #31370] INFO -- : amazonaccount: 5d817asawas24777dw400422c. submit_feed feed_content: sku price minimum-seller-allowed-price maximum-seller-allowed-price quantity leadtime-to-ship fulfillment-channel

Logstash config

if "SUCCESS" not in [RUBY]{
  grok {
    match => { "message" => "[%{DATA:firstl}%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}"}
    add_tag => ["SUCCESS"]
    remove_tag => ["_grokparsefailure"]
  }
}

Kibana config

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/production.log*
    #- /var/log/*.log

  tags: ["indexname"]

  multiline.pattern: '.'
  multiline.negate: true
  multiline.match: after
  multiline.max_lines: 500
  multiline.timeout: 5s

  fields:
    index: "index-name"

output.logstash:
  # The Logstash hosts
  hosts: ["IPaddress:5044"]

xpack.monitoring:
  enabled: true
  elasticsearch:
    hosts: ["http://IPaddress:9200"]
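
A simplified model of Filebeat's `multiline` grouping with `match: after`, run over shortened copies of the two sample records, to show how the `multiline.pattern` value decides which lines join an event. This is an added example, not part of the original post and not Filebeat's own code; the function `group_multiline` and the anchored pattern `^[A-Z], \[` are assumptions made for illustration.

```python
import re

# Constructed sample: shortened copies of the two log records from the post.
SAMPLE = """\
I, [2020-05-06T19:01:54.156085 #2714] INFO -- : amazonaccount: 5d817aefb5e24777d400422c. submit_feed feed_content: sku price
15893 30
24636 242
I, [2020-05-08T11:01:57.467075 #31370] INFO -- : amazonaccount: 5d817aefb5e24777d400422c. submit_feed feed_content: sku price
2421782 x1 74
41141 X 12 20
""".splitlines()


def group_multiline(lines, pattern, negate=True, max_lines=500):
    """Simplified model of Filebeat multiline with match: after.

    With negate=True, a line matching `pattern` starts a new event and every
    following non-matching line is appended to it. With negate=False the
    roles flip: matching lines are the continuations.
    """
    regex = re.compile(pattern)
    events, current = [], []
    for line in lines:
        matched = bool(regex.search(line))
        is_continuation = matched != negate  # negate inverts the match result
        if is_continuation and current:
            if len(current) < max_lines:  # lines past the cap are discarded
                current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events


# Pattern from the post: '.' matches every non-empty line, so each line
# starts its own event and the SKU rows are split from their header.
as_posted = group_multiline(SAMPLE, r".")

# Assumed alternative: anchor on the Ruby Logger prefix ("I, [", "E, [", ...).
anchored = group_multiline(SAMPLE, r"^[A-Z], \[")
```

With the posted pattern the six lines come out as six events; with the anchored pattern they come out as two, each header followed by its rows.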
