Hello All,
I am a newbie, my aim is to analyze some log
files created with the "liferay" environment.
As a test I was trying to reproduce the log analysis of the 0-60 video.
I copied both the log and the config file from the video (but for the shield plugin),
I have installed logstash 1.5 and elasticsearch 1.5.1,
however logstash seems to be unable to recognize the log.
Am I missing something obvious?
I attach here the log, and the result lt:
71.141.244.242 - kurt [18/May/2011:01:48:10 -0700] "GET /admin HTTP/1.1" 301 566 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
{
"message" => "71.141.244.242 - kurt [18/May/2011:01:48:10 -0700] "GET /admin HTTP/1.1" 301 566 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3" ",
"@version" => "1",
"@timestamp" => "2015-05-26T09:31:42.224Z",
"host" => "localhost.localdomain",
"tags" => [
[0] "_grokparsefailure"
],
"useragent" => {
"name" => "Other",
"os" => "Other",
"os_name" => "Other",
"device" => "Other"
}
}
here is the config file.
input {
stdin{ }
}
filter {
grok{
match =>{
"message" => '%{IPORHOST:clientip} %{USER:ident} %{USER:auth} [%{HTTPDATE:timestamp}]
"%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agen
t}'
}
}
date {
match => ["timestamp", "dd/MM/YYYY:HH:mm:ss Z" ]
locale => en
}
geoip{
source => "clientip"
}
useragent{
source => "agent"
target => "useragent"
}
}
output {
stdout {codec => rubydebug}
elasticsearch {
protocol => "http"
host => "localhost"
}
}