How to read log.gz?


(David Tito Jordy Ruiz Sotelo) #1

Hi! any idea of how to read log.gz in logstash-Linux, it's UTF-8 format. I've tried "gzip_lines", but it doesn't load any data.

This is the message...
Sending Logstash's logs to /usr1/kibana/logstash-5.4.0/logs which is now configured via log4j2.properties
[2017-05-26T09:36:25,920][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2017-05-26T09:36:25,925][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2017-05-26T09:36:26,032][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#<URI::HTTP:0x15285e75 URL:http://localhost:9200/>}
[2017-05-26T09:36:26,035][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>"/usr1/kibana/logstash-5.4.0/bin/sunat_datapower_template.json"}
[2017-05-26T09:36:26,089][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"sunat_elk_datapower_", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"mapping"=>{"index"=>"not_analyzed", "omit_norms"=>true, "type"=>"string"}, "match_mapping_type"=>"string", "match"=>"message"}}, {"string_fields"=>{"mapping"=>{"index"=>"analyzed", "omit_norms"=>true, "type"=>"string", "fields"=>{"raw"=>{"index"=>"not_analyzed", "ignore_above"=>256, "type"=>"string"}}}, "match_mapping_type"=>"string", "match"=>""}}], "_all"=>{"enabled"=>true}}}}}
[2017-05-26T09:36:26,099][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to template/sunat_elk_datapower*
[2017-05-26T09:36:26,163][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::HTTP:0x171a86c1 URL:http://localhost:9200>]}
[2017-05-26T09:36:26,248][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-05-26T09:36:26,499][INFO ][logstash.pipeline ] Pipeline main started
[2017-05-26T09:36:26,577][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Thanks in advance...


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.