/******************Filtered Data need to send on elasticSearch ****************/
15:33:43.214 [tomcat-http--1] DEBUG com.txxixxd.cc.gatx.rePoinx - POSRequest {"enterpriseId":"5a4dd83a6c085324048fbbd1","storeId":"4042","requestPayload":{"firstname":"Ravi","lastname":"Kumar","dateofbirth":"1991-08-16 00:00:00","emailid":"raxxxkumar@yxxxxxxx.in","mobile":"753083xxx","pagesize":"10","pagenumber":"1","sortdirection":"","culturename":"","utcoffset":"0","membershipcardnumber":"","sortexpression":"","event":"searchcustomer"}}
/******************************* grook code for data ********************/
%{URIHOST}:%{BASE16FLOAT} %{SYSLOG5424SD} DEBUG %{JAVACLASS} - POSRequest {%{QS}:%{QS},%{QS}:%{QS},%{QS}:{%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:"","culturename":"","utcoffset":"0","membershipcardnumber":"","sortexpression":"","event":"searchcustomer"}}
/************************************Configuration File **************************/
input
{
file
{
path =>["C:/logdir/*.log"]
type =>"logs"
}
}
filter {
grok {
match => { "message" => "%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:"","culturename":"","utcoffset":"0","membershipcardnumber":"","sortexpression":"","event":"searchcustomer","apiTypeResolver":"api","providerCode":"LPMMK","credential":{"providerOutletId":"1901","merchantOutletId":"pWtU4cWTOoP3mzAdDAhBClYXuGgSDagrfgiMQqWoAlw="},"clientType":"101","providerType":"1","metadata":{"enterpriseMetadata":{"enterpriseId":"5a4dd83a6c085324048fbbd1"},"storeMetadata":{"storeCode":"4042"},"requestMetadata":{"requestUid":"675f6ab7-5f60%{ISO8601_TIMEZONE}f-bf25-9262ca8e4413","mqReferenceNo":"46e6cf84-0ef3-48a9-8bf4-e2b88a01f4d8"}}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
/********************** Error on Logstash Logs ****************************/
[2018-01-09T13:37:18,438][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 13, column 121 (byte 208) after filter {\n grok {\n match => { "message" => "%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:%{QS},%{QS}:"", :backtrace=>["C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/compiler.rb:42:in compile_imperative'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/compiler.rb:50:in
compile_graph'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/compiler.rb:12:in block in compile_sources'", "org/jruby/RubyArray.java:2486:in
map'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/compiler.rb:11:in compile_sources'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/pipeline.rb:51:in
initialize'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/pipeline.rb:171:in initialize'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/pipeline_action/create.rb:40:in
execute'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:335:in block in converge_state'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:141:in
with_pipelines'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:332:in block in converge_state'", "org/jruby/RubyArray.java:1734:in
each'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:319:in converge_state'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:166:in
block in converge_state_and_update'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:141:in with_pipelines'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:164:in
converge_state_and_update'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/agent.rb:90:in execute'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/logstash-core/lib/logstash/runner.rb:343:in
block in execute'", "C:/Users/pankajsharma/Downloads/logstash-6.1.1/logstash-6.1.1/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}