Hello ELK experts,
This is my log sample:
WARN [Service Thread] 2016-06-30 14:42:41,538 GCInspector.java:256 - G1 Young Generation GC in 211ms. G1 Eden Space: 16894656512 -> 0; G1 Old Gen: 13259744800 -> 13267292200;
My grok pattern using parse above log entry:
Grok Pattern:
CASS_GC_GRACE %{CASS_BASE} %{DATA:msg} in %{INT:time_ms}ms. %{DATA}: %{INT:eden_orig_bytes} -> %{INT:eden_new_bytes}; %{DATA}: %{INT:oldgen_orig_bytes} -> %{INT:oldgen_new_bytes};( %{DATA}: %{INT:survivor_orig_bytes} -> %{INT:survivor_new_bytes};|)
Kibana message showing as like below as I was parsing:
message : INFO [Service Thread] 2018-03-08 13:45:14,609 GCInspector.java:284 - G1 Young Generation GC in 288ms. G1 Eden Space: 7012876288 -> 0; G1 Old Gen: 3055767536 -> 3076930544;
My Goal:
I want to see only G1 Young Generation GC in 288ms as one field with name called gc_pause = 288 (this is my gc pause time) and I want to see this as a line graph in my kibana to observer when the gc pause went up.
I am fine to modify at grok pattern or kibana search (I will prefer this) level to achieve my goal.
My Environment details:
elasticsearch-6.1.1
kibana-6.1.3-linux-x86_64
logstash-6.1.3
filebeat version 6.1.3
I really appreciate your help!
Thanks
Chandra