HI Team,
I have browser information in one field and how could i fetch browser version and name everything using logstash,
userAgent = Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
without install this plugin i cannot perform the above action am i right
while im trying to install ingest plugin in offline im getting below error,
./bin/elasticsearch-plugin install file:///usr/share/elasticsearch/ingest-user-agent-6.4.0.zip
-> Downloading file:///usr/share/elasticsearch/ingest-user-agent-6.4.0.zip
[=================================================] 100%??
ERROR: elasticsearch directory is missing in the plugin zip
Path to your zip file is incorrect, make it simple and put the zip file in the /tmp directory
then use file:///tmp/ingest-user-agent-6.4.0.zip
-krw
Thanks,
After solving that i'm getting below error
Exception in thread "main" java.io.FileNotFoundException: /usr/tmp/elasticsearch/ingest-user-agent-6.4.0.zip (Not a directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
at org.elasticsearch.plugins.InstallPluginCommand.downloadZip(InstallPluginCommand.java:334)
at org.elasticsearch.plugins.InstallPluginCommand.download(InstallPluginCommand.java:253)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:221)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:212)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.plugins.PluginCli.main(PluginCli.java:48)https://www.elastic.co/guide/en/elasticsearch/plugins/6.4/ingest-user-agent.html
That's an ES plugin that the OP doesn't need. Use Logstash's useragent filter to parse useragent strings.
HI Magnusbaeck,
Initially i tried that way only but it doesnt work,
its contain the browser info "user_browserInfo"
useragent {
source => "user_browserInfo"
prefix => "browserInfo_"
}
am i doing any wrong
Initially i tried that way only but it doesnt work,
What happens? What does an example event look like after processing (copy/paste raw JSON from Kibana)?
HI,
This is my json message,
`{"version":"1.0.0","environment":{"name":"1","hostName":"x","virtualMachine":"na","clusterName":"x","containerId":"na","containerName":"na","containerType":"JAVA"},"application":{"project":"na":"na","name":"na","type":"net"},"type":"REPORT","status":"Success","headers":{"httpStatusCode":200,"responseSize":0,"clientIp":"xx.x.x.x","referrerUrl":"na","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36","saneId":"x.x.x.x","sessionToken":"na","publicGuid":"na","url":"na","requestMethod":"GET","locale":"na"},"responseTime":13,"timestamp":"2018-09-20T14:36:41.610Z","correlationId":"na","functionName":"/na","ervicesTimestamp":"2018-09-20T14:36:41.673Z"}
filter section,
json {
source => "message"
}
mutate{
add_field => {
"user_browser" => "%{headers.userAgent}"
}
}
useragent {
source => "user_browser"
prefix => "browserInfo_"
}
Issue is fixed now and now i can extract the browser data.
Thanks Magnus... my bad
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.