Hello guys,
I pretty noob in Elastic, and I trying to implement a filter, for the messages of a SpringBoot application running on docker, that is sending the logs to Logstash using the syslog driver.
The messages seems like:
"message": "<30>Oct 13 13:29:51 container-name[10039]: 2017-10-13 16:29:51.551 INFO 1 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]"
The most important for me, is extracting the container-name to a new field.
Im using the next pattern , bit is not working.
match => { "message" => "<%{NUMBER:whatever}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{GREEDYDATA:syslog_message}" }
Thank u in advance 