I want to parse the file from the JSON object sent by filebeat to logstash file. Can anyone please help me here?
There are probably many ways, but I have this sample:
if [log][file][path] =~ /idp-warn.log/ {....}
Its not working, condition always falls in else part
Add a "debug" logstash stdout section, that will show your event field structure. Add metadata => true also.
Are you harvesting these logs with logstash on each host or are you using filebeat sending to logstash? My example is filebeat -> logstash.
Actually we have multiple machines with filebeatand all these machines will be sending logs to logstash on a single machine. That machine will be parsing and sending data to elasticsearch.
This is my proposed architecture and i would like to have your kind commenst and suggestions on it as you must got a vast experience in it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.