Hi!
Logstash write a log into file randomly. For example log file:
[2018-01-10 10:59:09,792] [DEBUG] [http-bio-3010-exec-102] etc
[2018-01-10 10:58:49,440] [DEBUG] [http-bio-3010-exec-104] etc
[2018-01-10 10:59:39,165] [DEBUG] [http-bio-3010-exec-102] etc
[2018-01-10 10:59:29,466] [DEBUG] [http-bio-3010-exec-13] etc
[2018-01-10 10:59:47,161] [DEBUG] [http-bio-3010-exec-65] etc
[2018-01-10 10:58:49,440] [DEBUG] [http-bio-3010-exec-104] etc
Time in the log file is not in order: 10:59:09,792 then 10:58:49,440 and etc. How can I solve the problem?
filebeat config:
filebeat:
prospectors:
- input_type: log
paths:
- /var/log/tomcat/server.log
fields: { application: app, component: tomcat, shorthostname: "server_tomcat", env: prod, system: test}
fields_under_root: true
close_inactive: 2m
close_timeout: 1m
close_renamed: true
scan_frequency: 5s
multiline:
pattern: "^[[:space:]]+(at|...)|^Caused by:"
negate: false
match: after
logstash config:
input {
beats {
port => "3070"
}
}
filter {
if [message] =~ /^\s*$/ { drop { } }
else {
json { source => "event" }
}
}
output {
if [system] == "test" {
file {
path => "/logs/system/%{+YYYY-MM-dd}/%{application}/%{component}/%{host}-%{+YYYY-MM-dd-HH}.log.gz"
codec => line { format => "%{message}"}
file_mode => 0644
gzip => true
}
}
}