Hello, great!
I really need your help.
I need to merge the lines of the same PostgreSQL event. My "/var/log/postgresql/postgresql-9.5-main.log" events are as follows:
2018-03-12 20:14:54 AMT [11143]: [1-1] LOG: connection received: host = 192.168.0.100 port = 45045
2018-03-12 20:14:54 AMT [11143]: [2-1] LOG: authorized connection: user = portalsetorial database = portal_setorial SSL enabled (protocol = TLSv1.2, cipher = ECDHE-RSA-AES256- GCM-SHA384, compression = enabled)
2018-03-12 20:14:54 AMT [11143]: [3-1] ERROR: missing entry for table "session" in clause FROM in character 10
2018-03-12 20:14:54 AMT [11143]: [4-1] COMMAND: SELECT @@ SESSION.sql_mode
2018-03-12 20:15:00 AMT [11143]: [5-1] LOG: disconnect: Session time: 0: 00: 05 817 user = portalsetorial database = portal_setorial machine = 192.168.0.100 port = 45045
I want, for example, that all events of id "11143" be sent to the "message" field, so that I can relate them correctly through Kibana filters.
Today my file "logstash.yml" looks like this:
input {
  file {
    path => [ "/var/log/postgresql/*.log" ]
    type => "all"
  }
}
output {
  elasticsearch { hosts => ["192.168.0.67:9200"] }
  stdout { codec => rubydebug }
}
How should I do this?
Any help is very welcome. Thank you!
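
One way to collect every line of a backend PID into a single event, as an added example that is not part of the original post: a grok filter extracts the PID from the prefix shown in the sample lines, and the Logstash aggregate filter gathers the lines until the disconnect line arrives. The field names `pid`, `pg_message`, `pg_timestamp`, `pg_tz`, `session_line`, `level` and `session_lines`, the tag `pg_session_timeout` and the one-hour timeout are assumptions chosen for this example.

```logstash
# Added example: field names, tag and timeout below are chosen here, not taken from the post.
# The aggregate filter needs a single worker (pipeline.workers: 1 or -w 1),
# otherwise lines of one session can be processed out of order.
filter {
  # Split the prefix seen in the sample lines: timestamp, zone, [pid], [line-sub], level
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:pg_timestamp} %{WORD:pg_tz} \[%{POSINT:pid}\]: \[%{INT:session_line}-%{INT}\] %{WORD:level}: %{GREEDYDATA:pg_message}"
    }
  }

  if [pid] {
    if [pg_message] =~ /^disconnect/ {
      # Last line of the session: attach everything collected for this PID
      # and close the task, so a reused PID starts a fresh session.
      aggregate {
        task_id => "%{pid}"
        code => "
          map['session_lines'] ||= []
          map['session_lines'] << event.get('message')
          event.set('session_lines', map['session_lines'])
        "
        end_of_task => true
      }
    } else {
      # Any earlier line: remember it under the PID
      aggregate {
        task_id => "%{pid}"
        code => "
          map['session_lines'] ||= []
          map['session_lines'] << event.get('message')
        "
        # Sessions that never log a disconnect are flushed 1 hour after their first line
        timeout => 3600
        push_map_as_event_on_timeout => true
        timeout_task_id_field => "pid"
        timeout_tags => ["pg_session_timeout"]
      }
    }
  }
}
```

The disconnect event then carries the whole session in `session_lines`, and every individual line still has `pid` as its own field, so a Kibana filter on `pid` also shows the lines side by side.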