Ingesting Mainframe logs


(Sajeew Ganesh) #1

Hi,

I'm looking to work on mainframe logs. I am looking for help. Can anyone assist with how to ingest mainframe logs into Logstash?
The sample logs are as below.

N 0000000 T158 2017208 23:59:00.24 00000281 IEF196I IEF237I JES2 ALLOCATED TO SYSLOG43
N 0000000 T158 2017208 23:59:00.26 00000281 IEF196I IEF285I +MASTER+.SYSLOG.STC50978.D0000143.? SYSOUT
X 0000000 T158 2017208 23:59:00.27 SYSLOG 00000000 IEE042I SYSTEM LOG DATA SET INITIALIZED
N 4000000 T158 2017208 23:59:00.26 00000291 IEE043I A SYSTEM LOG DATA SET HAS BEEN QUEUED TO SYSOUT CLASS M
N 8000000 T158 2017208 23:59:00.34 STC50980 00000290 MTR022I BEGIN AUTOMATED RULE FOR MSG MVS#IEE043I
N 8000000 T158 2017208 23:59:00.34 STC50980 00000290 MTR022I BEGIN AUTOMATED RULE FOR TOD TODH0#MQOPER
N 8000000 T158 2017208 23:59:00.35 STC50980 00000290 MTR027I ISSUING OPER COMMAND FOR TOD TODH0#MQOPER
N 8000000 T158 2017208 23:59:00.35 STC50980 00000290 MTR027I ISSUING OPER COMMAND FOR MSG MVS#IEE043I


(Magnus Bäck) #2

Use a grok filter. If you're unfamiliar with regular expressions the grok constructor web site could be helpful.


(Sajeew Ganesh) #3

Thanks.
Yes. It worked. Now, what I actually feel is a challenge is how the mainframe log could be converted to a normal timestamp, since there is a Julian date in mainframe logs. Will Logstash convert it, or do any specific tags need to be written?


(Magnus Bäck) #4

Have a look at this thread: Need Help in converting Julian date in to Calender date


(Sajeew Ganesh) #5

Thank you
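
The two steps discussed in this thread (grok extraction, then Julian date conversion) combined in one filter block, as an added example that is not part of the original posts. The field names, the optional job id column and the UTC time zone are assumptions based only on the sample lines in post #1.

```logstash
# Added example; field names are illustrative assumptions, not from the thread.
filter {
  grok {
    # Columns as they appear in the sample lines: record type, 7-character
    # code, system name, Julian date (yyyyddd), time with hundredths,
    # optional job/task id, 8-character flag word, message text.
    # \s+ is used between columns because real SYSLOG output is column-aligned
    # and may contain runs of blanks where the sample shows one space.
    match => {
      "message" => "^%{WORD:record_type}\s+%{NOTSPACE:routing_codes}\s+%{NOTSPACE:system}\s+(?<julian_date>\d{7})\s+(?<log_time>\d{2}:\d{2}:\d{2}\.\d{2})(?:\s+%{NOTSPACE:job_id})?\s+(?<flags>[0-9A-F]{8})\s+%{GREEDYDATA:text}"
    }
  }

  # Only attempt the date conversion on lines that grok actually parsed;
  # unparsed lines keep the ingest time and the _grokparsefailure tag.
  if "_grokparsefailure" not in [tags] {
    mutate {
      # Join date and time into one temporary field that is not indexed.
      add_field => { "[@metadata][ts]" => "%{julian_date} %{log_time}" }
    }
    date {
      # yyyy = year, DDD = day of year (the "Julian" date),
      # SS = two-digit fraction of a second.
      match    => ["[@metadata][ts]", "yyyyDDD HH:mm:ss.SS"]
      # Assumption: the system writes its log in UTC. Set this to the zone
      # the mainframe really uses, otherwise events will be shifted when
      # correlated with other sources.
      timezone => "UTC"
      target   => "@timestamp"
    }
  }
}
```

With the first sample line, `2017208 23:59:00.24` becomes `2017-07-27T23:59:00.240Z` in `@timestamp`, and `job_id` is left unset because that line has no job id column.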

