HI,
I am newbie to Logstash, trying out few options.
I need help in creating my filter to store the values in the line #5 of log file as Output required below
#CONFIG USED
input {
file {
path => "D:/Log.txt"
start_position => "beginning"
}
}
grok {
match => { "message" => "%{TIMESTAMP:timestamp} %{WORD:username} %{WORD:group} %{WORD:role}" ]
}
output {
elasticsearch { hosts => ["localhost:9200"] }
}
#LOG FILE:
INFO - 2017/03/27-06:01:16.189 UTC - BNG1307005326D.09944 - CORBA server is starting - Teamcenter.SOA.tcserver_itk_main
INFO - 2017/03/27-06:01:22.463 UTC - .UnknownClient.00001 - Service Request: Core-2011-06-Session:login - Teamcenter.Soa.Communication
INFO - 2017/03/27-06:01:23.419 UTC - .UnknownClient.00001 - library libFnd0profiler is delay loaded - Teamcenter.Metamodel.MetaFrameWork at D:\workdir\tc1123w1205_64\src\core\metaframework\BusinessObjectRegistryImpl.cxx(2466)
INFO - 2017/03/27-06:01:24.174 UTC - .UnknownClient.00001 - Default encryption configuration. - Teamcenter.FoundationBase at D:\workdir\tc1123w1205_64\src\foundation\base\Crypto.cxx(106)
INFO - 2017/03/27-06:01:25.181 UTC - .UnknownClient.00001 - POM_login: "UserA" GroupA / RoleA has logged in - Teamcenter.POM at D:\workdir\tc1123w1205_64\src\foundation\pom\pom\pom_start.cxx(1296)
INFO - 2017/03/27-06:01:25.340 UTC - .UnknownClient.00001 - library libFnd0disclosure is delay loaded - Teamcenter.Metamodel.MetaFrameWork at D:\workdir\tc1123w1205_64\src\core\metaframework\BusinessObjectRegistryImpl.cxx(2466)
Successfully loaded dynamic module D:\Annex\aeapps\TC11\tcroot\bin\libFnd0disclosure.dll
NOTE - 2017/03/27-06:01:25.341 UTC - .UnknownClient.00001 - TC_AM_user_init: Invoking Customize_Access_Manager callback - Teamcenter.Organization.sa at D:\workdir\tc1123w1205_64\src\core\sa\am_fru.cxx(3679)
#Output required
"@timestamp" => 2017/03/27-06:01:25.340, "@username" => "UserA",
@group" => "GroupA",
"@role" => "RoleA"
Regards
Giri