HI,
i have now logs read from filebeat and they are less cut than logstash , indeed in logstash for example i have the LOG LEVEL field and not in filebeat, how can i proceed to have it please ?
and the new
Filebeat does not parse the log entries, so it is common to send them through Logstash for this type of processing.
thanks, yes but i have 2 problems,
- Logstash forwarder is deprecated ( and handler logstash is not good solution because use rescource and have to modify server)
- if i use handler i can"t know from what JVM the log come from...
If you use the fields option that I pointed you to an hour ago, what problem remains?
Hi,
it is not the same issue there is one hour ago is add a field for i know what logs is associated with wat JVM, here i have an information like LOG level in the message i want as a field like logstash... but in message sent there is not the field i want
2016-08-10T11:31:54+02:00 DBG Publish: {
"@timestamp": "2016-08-10T09:31:54.201Z",
"beat": {
"hostname": "rs-tst-int-02",
"name": "rs-tst-int-02"
},
"count": 1,
"fields": null,
"input_type": "log",
"message": "\tjava:app/AofWeb/EntityService!com.real.aof.business.service.EntityService",
"offset": 45708,
"source": "C:\dev\servers\wildfly-9.0.2.Final\domain\servers\server-two\log\server.log",
"type": "log"
}
or thread name, or thread ID , or logger class all those informations are in the message
First of all you should use Filebeat's multiline feature to join the multilined Java log messages into single events.
Secondly, just as Christian said earlier Filebeat (and logstash-forwarder) doesn't support parsing of message text and extraction of additional fields. You need to use Logstash (or a similar tool).
thank you it is what i wanted to know. I worked on a POC and i think it can be used later.
thank you !
This topic was automatically closed after 21 days. New replies are no longer allowed.