How to feed the below Schema file in the ELK Stack and receive the output

Elastic Stack Logstash
#1

Hi Folks ,

        Have a pleasant day  ahead.

       We have installed ELK stack with NX log in windows 2008 R2 server.Now,we need to analyse the following log structure in this stack.I am not a programmer.Could,some one guide me to feed the log to the ELK stack & how to configure to get the graphical output.

Scheme to be Analysed :

#Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule FilterInfo cs-Network sc-Network error-info action

Planning to take top bandwidth users and list of top websites

-- Suriya

#2

Are you tasking how to parse a log message containing those fields in some form? If yes, please post an actual log message.

#3

Hi

Thanks for your revert :slight_smile:

192.165.19.97 India\hemasri Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E) Y 2015-11-20 22:09:53 w3proxy DLGWEPX01B - upstream.ocissia.out.inet.ssi.indgrp.net 215.116.18.43 8080 - 907 444 SSL-tunnel TCP - www.indiacements.in:443 - Upstream 995 - Web Proxy Req ID: 3d289fa7 Internal External 0x888 Failed

192.165.181.98 US\KuuCha Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Y 2015-11-20 22:09:53 w3proxy ITHYLGWEBPXB - upstream.ocissia.out.inet.ssi.indgrp.net 215.116.18.43 8080 125 2384 124203 http TCP GET http://oracle.ittoolbox.com/groups/technical-functional/oracle-bi-l/agents-in-obiee-11g-invalid-subscribers-skipped-5443767 text/html; charset=utf-8 VCache 304 0x9210100 Web Proxy Req ID: 3d289fcc Internal External 0xc80 Allowed

-- Suriya

#4

Hi ,

Could you please post the update on this part.

-- Suriya

#5