Input from 3 log files on 1 visualization on kibana

falconpurple · June 27, 2020, 10:33am

Hi,

I have to connect 3 log files.
The Logfile 1 contains fields:
Logdate,request_type,responsetime
The Logfile 2 contains fields:
Logdate,request_type,responsetime
The Logfile 3 contains fields:
Logdate,request_type,responsetime

I have to create a line chart on kibana which shows response time from all the log files.

Can you please suggest me how to do it?

dadoonet · June 27, 2020, 12:21pm

You can use filebeat to read all the files and index the content in elasticsearch. Depending on the content, you might have to parse the logs using a dissect processor in an ingest pipeline to create a structured document.

Then you will be able to show all that in Kibana.

falconpurple · June 27, 2020, 1:25pm

Hi,
Thank you for the suggestion.

I have written the logstash conf file .
The data is coming only from the third logfile on kibana.

input{
		file{
				path => "C:/Users/Downloads/ingest.log"
				
				
				start_position => "beginning"
				sincedb_path => "NUL"					
				
			}
		file{
				path => "C:/Users/Downloads/ingest2.log"
				
				
				start_position => "beginning"
				sincedb_path => "NUL"					
				
			}
			file{
				path => "C:/Users/mohnadik/Downloads/ingest3.log"
				
				
				start_position => "beginning"
				sincedb_path => "NUL"					
				
			}
				
		
	}
filter {
    if [path] == "C:/Users/Downloads/ingest.log"
	{
	grok {
        match => {
		"message" => "%{TIMESTAMP_ISO8601:logdates}%{WORD:request_type}%{WORD:Time1}"
					}
			}
			date {
				match => [ "logdates", "YYYY-MM-dd HH:mm:ss.SSS" ]
				target => "logdates"
				timezone => "CET"
		}
	}
	if [path] == "C:/Users/Downloads/ingest2.log"
	{
	grok {
        match => {
		"message" => "%{TIMESTAMP_ISO8601:logdates}%{WORD:request_type}%{WORD:Time2}"
					}
			}
			date {
				match => [ "logdates", "YYYY-MM-dd HH:mm:ss.SSS" ]
				target => "logdates"
				timezone => "CET"
		}
	}
	if [path] == "C:/Users/Downloads/ingest3.log"
	{
	grok {
        match => {
		"message" => "%{TIMESTAMP_ISO8601:logdates}%{WORD:request_type}%{WORD:Time1}"
					}
			}
			date {
				match => [ "logdates","yyyy-MM-dd HH:mm:ss.SSS" ]
				target => "logdates"
				timezone => "CET"
		}
	}
			
	
	
	}
	

output{

    
		elasticsearch {
                        hosts => ["localhost:9200"]
						index => "demo"
                       
                    }
		
		
		
		stdout{}
	
	
		
	}

system · July 25, 2020, 1:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.