I have to run a query to search like MESSAGE : "fail processing: /afc/data/failed/*", but I can't; it fails.
Could you suggest something?
How are you sending this query in Kibana? Can you share a screenshot?
I want to search for all messages like this: "fail processing: /afc/data/failed/*"
I have attached the file:
{
  "_index": "filebeat-6.3.2-2018.12.19",
  "_type": "doc",
  "_id": "XgHsxGcBYmOYjLJUf-3Y",
  "_version": 1,
  "_score": null,
  "_source": {
    "STATUS": "E",
    "offset": 131609047,
    "message": "Dec 18 23:45:04 cms01 dbglog (E) adapt.sh:21018: fail processing: /afc/data/failed/20181126/adapt/rd_20181126_122220_000A1A27_t00000003.dat#22",
    "host": {
      "name": "elk_stack2"
    },
    "@timestamp": "2018-12-19T05:24:45.850Z",
    "tags": [
      "beats_input_codec_plain_applied"
    ],
    "MONTH": "Dec",
    "TIME": "23:45:04",
    "beat": {
      "name": "elk_stack2",
      "version": "6.3.2",
      "hostname": "elk_stack2"
    },
    "DATE": "18",
    "SERVER_NAME": "cms01",
    "source": "/var/log/cms/CMS_20181218.log",
    "SOURCE": "adapt.sh:21018:",
    "MESSAGE": "fail processing: /afc/data/failed/20181126/adapt/rd_20181126_122220_000A1A27_t00000003.dat#22",
    "@version": "1",
    "ADAPTER": "dbglog "
  },
  "fields": {
    "@timestamp": [
      "2018-12-19T05:24:45.850Z"
    ]
  },
Thank you Spalger