Hi,
I am trying to create a GROK filter that will handle different log types and merge the log lines of a Java stack trace exception.
For example, I have the two log types below:
- Log with Message type
20160509 115807 I SD 0003 Designed for SysAdmins, Operations staff, Developers and DevOps who want to deploy the Elasticsearch, Logstash & Kibana (ELK) log management solution.
- Log with Java Stacktrace exception
20160509 115111 E ------ ---- RemoteTrapSender.initTrapPersistence: java.io.IOException: Scratchpad read failure (java.io.EOFException)
20160509 115111 E ------ ---- RemoteTrapSender.initTrapPersistence: at Util.Scratchpad$UnderlyingFile.read(Scratchpad.java:861)
Currently I am using the filter below, which does a decent job of identifying the first log type:

    filter
    {
        if [type] == "log"
        {
            grok
            {
                patterns_dir => "D:/Logstash/patterns"
                match => [ "message", "%{YEAR:Year}%{MONTHNUM:Month}%{MONTHDAY:Day} %{HOUR:Hour}%{MINUTE:Minute}%{SECOND:Second} %{LOGLEVEL:LogVerbosity} %{WORD:MODULE}%{SPACE}%{BASE10NUM:MODULEID} %{GREEDYDATA:message}" ]
            }
        }
    }

I am trying to create a filter which will differentiate the logs, merge the Java stack trace exception log lines, and display them as one.
I know that for merging we can use the multiline codec, but I am finding it ambiguous to use.
Could someone please guide me in the right direction on this?
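
One way to set up the merge asked about above, as an added example that is not part of the original post: a multiline codec keyed on the text after the source name (every line here carries its own timestamp), followed by a grok with one pattern per log type. The input path, the field names `Source` and `LogText`, the `Caused by:` and `... N more` continuations, and the assumption that stack trace lines always carry the `------ ----` columns are illustrative and not taken from the post.

```logstash
input {
  file {
    # Assumed path and type; the post does not show its input block.
    path => "D:/Logstash/logs/app.log"
    type => "log"
    codec => multiline {
      # Every line starts with a timestamp, so "no timestamp means
      # continuation" cannot be used. A line is joined to the previous
      # event when the text after "<source>: " starts with "at ",
      # "Caused by:" or "... N more".
      pattern => "^\d{8} \d{6} \w -+ -+ [^:]+:\s+(at\s|Caused by:|\.\.\. \d+ more)"
      what => "previous"
      # Emit the buffered event after 2 s without new lines, so the
      # last stack trace in the file is not held back indefinitely.
      auto_flush_interval => 2
    }
  }
}

filter {
  if [type] == "log" {
    grok {
      patterns_dir => "D:/Logstash/patterns"
      # Patterns are tried in order:
      #   1. message type:     "I SD 0003 <text>"
      #   2. stack trace type: "E ------ ---- <source>: <text>"
      # (?m) lets GREEDYDATA span the newlines of a merged event, and the
      # level is captured as the single letter seen in the sample lines.
      match => { "message" => [
        "(?m)^%{YEAR:Year}%{MONTHNUM:Month}%{MONTHDAY:Day} %{HOUR:Hour}%{MINUTE:Minute}%{SECOND:Second} (?<LogVerbosity>[A-Z]) %{WORD:MODULE}%{SPACE}%{BASE10NUM:MODULEID} %{GREEDYDATA:LogText}",
        "(?m)^%{YEAR:Year}%{MONTHNUM:Month}%{MONTHDAY:Day} %{HOUR:Hour}%{MINUTE:Minute}%{SECOND:Second} (?<LogVerbosity>[A-Z]) -+ -+ (?<Source>[^:]+): %{GREEDYDATA:LogText}"
      ] }
    }
  }
}
```

With the two stack trace lines from the post, the codec emits a single event whose `message` holds both lines separated by a newline, and the second grok pattern puts the exception text plus the `at ...` frame into `LogText`.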