The message format of the logs is:
< [2019-03-04T12:29:49,990][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600} />
I have to skip the square brackets and parse this message.
I tried this
< filter {
grok{
match => { "message" => "[%{TIMESTAMP_ISO8601:logdate}[%{LOGLEVEL:LEVEL}][%{GREEDYDATA:errormsg}]" }
}
}
/>
But it's not working.
I debugged it and it is parsing only the date, but [info ] is not getting parsed, maybe because of the brackets. There are no such familiar patterns in any of the answers.
Did you actually get Logstash to start with that config? Logstash is usually very picky about config file syntax (well, which program isn't). The special character </> needs to be within a filter definition. You can see my example above.
I just started working on this, so I haven't had any idea about the logs or how to parse them.
Can you please tell me how do I filter the logs that are already in JSON format, because I used type => json in my input block of logstash.conf.
That does not look like the source is in JSON. Logstash does not convert log formats into JSON by using type => json; it is just told to expect JSON on the input so it knows how to tokenise/parse it correctly. Are you feeding Logstash JSON or the original format you posted (which is)?
< [2019-03-04T12:29:49,990][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600} />
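An added example, not part of any post in this thread: a grok filter for the sample line above with the square brackets escaped, since an unescaped `[` opens a regex character class instead of matching a literal bracket. The field name `logger` and the failure-handling conditional are assumptions chosen for illustration; `logdate`, `LEVEL` and `errormsg` are the field names from the question.

```logstash
filter {
  grok {
    # Sample line (from the question):
    # [2019-03-04T12:29:49,990][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
    #
    # Each literal "[" and "]" is written as "\[" and "\]".
    # "\s*" absorbs the padding Logstash adds inside the brackets ("INFO ", "logstash.agent ").
    # DATA is non-greedy, so it stops at the first closing bracket.
    match => {
      "message" => "\[%{TIMESTAMP_ISO8601:logdate}\]\[%{LOGLEVEL:LEVEL}\s*\]\[%{DATA:logger}\s*\] %{GREEDYDATA:errormsg}"
    }
  }

  # Lines that do not match get the default "_grokparsefailure" tag.
  # Keep them and mark them, rather than dropping them silently, so that
  # a format change in the log source shows up as a visible gap in parsing.
  if "_grokparsefailure" in [tags] {
    mutate {
      add_field => { "parse_status" => "unparsed" }   # hypothetical field name
    }
  }
}
```

With the sample line, this yields `logdate` = `2019-03-04T12:29:49,990`, `LEVEL` = `INFO`, `logger` = `logstash.agent` and the rest of the line in `errormsg`.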