Creating a single output from log file

Hi All,

I would like to know if its possible to read the entire log file and then parse messages and produce a single JASON document / CSV file (single entry)?

Appreciate any pointers on this.

Thanks

Hi,
I'm quite a newbie in ES... but have you tried the CSV output with path option ?
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-csv.html#plugins-outputs-csv-dir_mode

Yes, when log files is read each message is parsed and there is a entry made in CSV. What I am trying to achieve is read all message and then write the message a single csv entry

E.g. (What works)

One,two,three,
,four,five,six

What I am trying to do

One,two,three,four,five,six

I was able to achieve the below but I am looking to have all the fields to be part of one single JSON

Currentstrong text
{"build_plat":"i686-linux-rhe5,64bit"}
{"app_name":"ABC"}
{"app_type":"ServerXYZ"}
{"host_name":"lab02"}
{"version_no":"8.9.400.50"}

Envisagedstrong text

{
"build_plat": "i686-linux-rhe5,64bit",
"app_name": "ABC",
"app_type": "ServerXYZ",
"host_name": "lab02",
"version_no": "8.9.400.50"
}

hi shiva,
if you could provide input code, it will be easy for others to provide solution

Below is log snippet

===================================================
XYZ Or, Version:'8.1.400.50'
Copyright (c) 2008-2016 XYZ Telecommunications Laboratories, Inc.
Component versions:
Commonlib: 8.1.300.37 C2
Loglib: 8.1.300.11 MT
Gmessagelib: 8.1.300.01
GServicelib: 8.1.300.06 MT
Confservlib: 8.1.300.09
Lcalib: 8.1.300.07
T-library 8.1.200.11 HA
SCXMLlib 8.1.301.01
Build platform: i686-linux-rhe5,64bit
Application name: OR_P
Application type: OServer (161)
Command line: ./or -app OR_P -host lab02 -port 2020
Host name: lab02
DST: TZ = 1, timeb = 0
Time zone: -19800, IST, IST
UTC time: 2018-10-10T05:51:15.343
Local time: 2018-10-10T11:21:15.343
Start time (UTC): 2018-10-10T05:51:15
Running time: 0:00:00:00
Host info: Linux, lab02, 2.6.18-194.el5, #1 SMP Tue Mar 16 21:52:39 EDT 2010, x86_64

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.