Debug code of file config to get log

Hi all

I made a config file to collect logs from Apache.

# Logstash pipeline as posted in the question: file input -> conditional grok/mutate
# and a date filter -> elasticsearch and stdout outputs. It does not pass the config
# test; the comments below mark the lines that are malformed as written.
input {
file{
type => "apache-access"
# NOTE(review): the path string begins with a space, so it does not start with "/".
path => " /var/log/logstash/apache.log"
start_position => "beginning"
}
}

filter {

# Only events whose message contains the literal text "% Apache-" enter this branch.
if "% Apache-" in [message]{
    mutate {
    add_tag => ["apache"]
    }

grok {

    # NOTE(review): this value opens with "{" but closes with "]", so the brackets do not pair up.
    # NOTE(review): "POSINT:syslog_pid}" has no opening "%{", and "(?\[" is not a valid group opener.
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program} (?\[POSINT:syslog_pid}\]?: %{GREEDYDATA:syslog_message}"]
    add_field => [ "received_at","%{@timestamp}"]

    add_field => [ "received_from", "%{host}"]

}

}

# NOTE(review): reads a field named "timestamp"; the grok above names its time field syslog_timestamp.
date {

    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]

}
}

output {
elasticsearch { hosts => localhost}
}
# NOTE(review): the brace on the previous line already closed the output section, so the
# stdout block and the final brace below sit outside any section.
stdout { codec => rubydebug }
}

After that, I checked it with the command below:

/opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/logstash_getlog_config.conf

It reports some errors, but I can't fix them.

Could you check and show me what my mistakes are and how I can fix them?

Regds

hello

There were 2 mistakes in your config:

  1. in filter => grok => match
  2. in the output

Check out a correct config below:

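# Logstash pipeline: tail one log file, tag and grok-parse matching lines,
# then send every event to Elasticsearch and to stdout.
input {
  file {
    type => "apache-access"
    # The file input only accepts absolute paths. The value previously began
    # with a space (" /var/log/..."), so it did not start with "/".
    path => "/var/log/logstash/apache.log"
    # Applies only to files Logstash has not tracked before; a file it has
    # already recorded a position for resumes from that position.
    start_position => "beginning"
  }
}

filter {
  # Only events whose message contains the literal text "% Apache-" are
  # tagged and parsed; everything else passes through unparsed.
  if "% Apache-" in [message] {
    mutate {
      add_tag => ["apache"]
    }

    grok {
      # "(?:\[%{POSINT:syslog_pid}\])?" is an optional non-capturing group for
      # a "[pid]" suffix directly after the program name. The earlier form
      # "(?\[%{POSINT:syslog_pid}\]?:" is not a valid regex group, so the
      # pattern could not compile.
      # Events that do not match are tagged _grokparsefailure; watch for that
      # tag so unparsed lines do not go unnoticed downstream.
      match => [ "message", "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
  }

  # NOTE(review): nothing in this file creates a field named "timestamp" (the
  # grok above stores the time in syslog_timestamp), and this format is the
  # Apache access-log layout, not the syslog one. As written the filter has
  # nothing to parse, so @timestamp stays at ingestion time rather than event
  # time. Confirm which field and format the real log lines carry.
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  # `host` is the Logstash 1.x option name; from Logstash 2.0 the elasticsearch
  # output calls it `hosts`. Use the one the installed version accepts.
  elasticsearch { host => "localhost" }
  # Prints every event in full; intended for debugging the pipeline.
  stdout { codec => rubydebug }
}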