Hi folks
am passing logs from filebeat through logstash filter, am unable to pass the logs. but when am passing directly to kibana am able to get logs in kibana.
my file beat yml
filebeat.prospectors:
- type: log
- paths:
- /var/log/syslog
- /Users/naveen.sama/Desktop/allure-results/Allure_Log.txt
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
setup.template.settings:
index.number_of_shards: 3
output.logstash:
hosts: ["localhost:5044"]
Logstash config file
input {
beats {
port => 5044
host => "localhost"
}
}filter {
if [message] =~ /TRANSACTION START/ {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:Info}\s+([%{WORD:loglevel}]\s+)?%{NOTSPACE}%{WORD} %{CISCO_REASON}%{BASE10NUM}-%{WORD:TransactionID}%{NOTSPACE}%{GREEDYDATA:taskid}" ]
}
}
}output
{
elasticsearch
{
hosts => ["localhost:9200"]
}
stdout { codec => rubydebug }
}
can anyone help me on this.
Thanks in advance