Can the Elastic Stack accept and parse logs in French?
The logs would be coming from equipment that is configured in French and, for example, fields will be arriving in French.
Can ES parse these properly?
As far as I can tell, it would simply require the proper configuration of Logstash pipelines.
Is this accurate? If you could shed some light on this, I'd be grateful.
If you need any information, just ask!
WDYM by « in French »?
Can you share an example?
What I mean is that the field names will be in French, for example:
instead of "host (origin): IP" the log will say "hôte (origine) : IP"
Thanks for the reply.
I don't see any problem parsing that.
Do you have any issue?
Well, no because I haven't tried it yet. I'm still debating on the use of ELK in our environment and have very little experience with parsing logs.
I guess I have 2 questions now,
- Is there a way to transform these logs into a standardized format, or will that have to be developed?
- (More generally) Is there such a thing as automatic log acceptance or does the pipeline have to be configured for each log type?
Is there a way to transform these logs into a standardized format, or will that have to be developed?
If your application can generate OOTB JSON logs, then that will be easier.
But this is not the case here I guess.
Logstash is indeed one way to parse logs using a grok filter. You can also use an ingest pipeline in Elasticsearch using Grok as well.
Is there such a thing as automatic log acceptance or does the pipeline have to be configured for each log type?
You need to configure a pipeline per log type.
Thanks a tonne, David. If you don't mind, could you answer a couple more questions?
Are there any other ways?
Is there some way to preserve/access the raw log after it has been transformed by Logstash?
By default Logstash keeps the original message intact in the message field.
David, you have been incredible, thank you.
This all seems like it's very basic and I hate to waste your time. Is there some place I can find information like this? I looked through the documentation but it is too general for me. I need something a little more specific like the questions I'm asking you.
I think that the Logstash Reference guide has a good chapter about this: https://www.elastic.co/guide/en/logstash/current/first-event.html
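
As an added example (not posted by anyone in this thread), here is a small Logstash pipeline for the grok approach discussed above: it parses the French-labelled line from the question and its English equivalent into the same standardized field, and leaves the raw line in `message`. The target field name `[source][ip]` and the stdin/stdout plugins are assumptions chosen for illustration.

```logstash
# Added example, not from the thread.
# Assumed line formats, taken from the question:
#   hôte (origine) : 192.0.2.10
#   host (origin): 192.0.2.10
input {
  stdin {
    # Labels such as "hôte" are non-ASCII, so the input charset must match
    # what the equipment sends. UTF-8 is assumed here.
    codec => plain { charset => "UTF-8" }
  }
}

filter {
  grok {
    # One pattern per label language, both writing to the same field, so
    # French and English devices produce identical documents.
    # Parentheses are regex metacharacters and are escaped; " ?" allows the
    # optional space that French typography puts before the colon.
    # [source][ip] is an assumed, ECS-style target name.
    match => {
      "message" => [
        "hôte \(origine\) ?: %{IP:[source][ip]}",
        "host \(origin\) ?: %{IP:[source][ip]}"
      ]
    }
    # No remove_field or overwrite option is set, so the raw line stays
    # available in the "message" field after parsing.
    # Lines that match neither pattern are tagged rather than dropped.
    tag_on_failure => ["_grokparsefailure"]
  }
}

output {
  # Print the full event so the parsed field, the raw "message" and any
  # failure tag can be inspected before pointing the output at Elasticsearch.
  stdout { codec => rubydebug }
}
```

Events tagged `_grokparsefailure` are the ones to review when a new log type or label variant appears, since each log type needs its own pattern.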