Hello,
I'll start off by saying I am very new to Kibana. With a lot of googling I have managed to come as far as I have, but now I am stuck. I am reading log files and in the Discover tab I can finally see the fields I have added (but only when I uncheck "Hide Missing Fields"), but they do not seem to contain anything.
However, when I try it out in a Grok debugger (https://grokdebug.herokuapp.com/) it looks like it's supposed to work.
This is how the log lines look:
    2018-10-15 09:02:04,254 [121] INFO System.Object: Cookie settings level: 2
And this is my config file:
    input {
      file {
        path => "path to log.log"
        start_position => "beginning"
        codec => multiline {
          pattern => "^%{TIMESTAMP_ISO8601:log_timestamp} \[%{NUMBER:thread_id}\] %{WORD:log_level}"
          negate => true
          what => "previous"
        }
        type => "test_info"
      }
    }
    output {
      if "test_info" == [type] {
        elasticsearch {
          hosts => ["10.21.4.37:9200"]
          index => "test_info"
          document_type => "episerver_info"
        }
      }
    }
    filter {
      if "test_info" == [type] {
        grok {
          match => [ "message", "%{TIMESTAMP_ISO8601:log_timestamp} \[%{NUMBER:thread_id}\] %{WORD:log_level} %{DATA:info_class}: %{GREEDYDATA:info_message}"]
        }
      }
    }
I have looked around for hours now trying to figure out what I am missing. I have updated the index several times but that does not change anything. How come I managed to get my fields as I want in the Grok debugger, but Kibana/Elasticsearch somehow neglects to add data to them?
Any help would be greatly appreciated.
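
An offline check of the grok expression from the post above, as an added example (not the poster's code and not part of Logstash). It expands the `%{NAME:field}` tokens into named regex groups and runs them over the posted log line plus two constructed lines. The regexes in `GROK` are simplified stand-ins for the stock grok patterns, and `compile_grok` and `parse` are hypothetical helper names.

```python
import re

# Simplified stand-ins for the stock grok patterns (assumptions, not the
# full definitions that ship with Logstash).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "WORD": r"\b\w+\b",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
}

# The match expression from the filter block in the post.
PATTERN = (r"%{TIMESTAMP_ISO8601:log_timestamp} \[%{NUMBER:thread_id}\] "
           r"%{WORD:log_level} %{DATA:info_class}: %{GREEDYDATA:info_message}")


def compile_grok(expr):
    """Expand each %{NAME:field} token into a named regex group."""
    def repl(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", repl, expr))


def parse(line, rx=compile_grok(PATTERN)):
    """Return the extracted fields; on a miss, return the tag grok adds by default."""
    m = rx.search(line)  # grok matches unanchored unless the pattern uses ^ or $
    return m.groupdict() if m else {"tags": ["_grokparsefailure"]}


# The log line quoted in the post.
SAMPLE = "2018-10-15 09:02:04,254 [121] INFO System.Object: Cookie settings level: 2"
# Constructed: an event the multiline codec would have joined with a newline.
MULTI = ("2018-10-15 09:02:05,001 [7] ERROR Example.Service: Unhandled error\n"
         "   at Example.Service.Run()")
# Constructed: a line in a different layout, which the expression cannot match.
BAD = "09:02:04 INFO System.Object: no date or thread id"

if __name__ == "__main__":
    for event in (SAMPLE, MULTI, BAD):
        print(parse(event))
```

For the joined event, `info_message` stops at the first newline because `.` does not cross line breaks by default, so the continuation lines stay only in `message`.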