Is this right? Because it seems not to be working. If I open Elasticsearch, go into the index and search with the filter "message is *warning*", I find some fields, but none of them contain the error field.
I also tried it with
```
if "warning" in [message]
if "warning" in [log_message]
if "warning" in "log_message"
```
```
Oct 21 15:21:44 M2 dis-f: pkt rx on ifd NULL unit 0
Oct 21 15:21:44 M2 fbc0 pkt rx on ifd NULL unit 0
Oct 21 15:21:46 M1 kernel: rtc4658je_rtc0: RTC ERROR(16): read failed for off:2(len:1)
Oct 21 15:21:46 M1 kernel: rtc4658je_rtc0: SETTIME failed for seconds: error 16
Oct 21 15:21:46 M1 kernel: warning: clock_settime failed (16), time-of-day clock not adjusted to system time
```
Here are some sample lines; there is only one warning line. The others look similar to the ones above the warning failure.
Thanks for the help. I will let you know the moment I can make it work.
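The following is an added example, not code from the post above or from Logstash itself: a small Ruby re-implementation of the conditional `if "warning" in [message]` run over the five sample lines quoted in the post, so you can see which field actually carries the word and whether the check fires. In Logstash, `"needle" in [field]` is a case-sensitive substring test on the named field, and `"warning" in "log_message"` (quotes instead of brackets) compares two string literals, so it can never be true. The grok-style split into `timestamp`, `host`, `program` and `log_message` is an assumption made here for illustration; a real pipeline uses whatever names its own grok pattern assigns, and only `message` is guaranteed to hold the raw line.

```ruby
# Constructed sample data: the five lines quoted in the post above.
SAMPLE_LINES = [
  "Oct 21 15:21:44 M2 dis-f: pkt rx on ifd NULL unit 0",
  "Oct 21 15:21:44 M2 fbc0 pkt rx on ifd NULL unit 0",
  "Oct 21 15:21:46 M1 kernel: rtc4658je_rtc0: RTC ERROR(16): read failed for off:2(len:1)",
  "Oct 21 15:21:46 M1 kernel: rtc4658je_rtc0: SETTIME failed for seconds: error 16",
  "Oct 21 15:21:46 M1 kernel: warning: clock_settime failed (16), time-of-day clock not adjusted to system time",
].freeze

# Assumed grok-like split of a BSD syslog line. The field names other than
# "message" are assumptions for this example, not Logstash defaults.
SYSLOG_RE = /\A(?<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?<host>\S+) (?<program>[^:\s]+)(?::\s*|\s+)(?<log_message>.*)\z/

def parse_syslog(line)
  m = SYSLOG_RE.match(line)
  event = { "message" => line }                        # raw line always survives here
  return event.merge("tags" => ["_grokparsefailure"]) unless m
  event.merge(
    "timestamp"   => m[:timestamp],
    "host"        => m[:host],
    "program"     => m[:program],
    "log_message" => m[:log_message],
  )
end

# Semantics of Logstash `if "needle" in [field]`: true only if the field
# exists, is a string, and contains the needle as a case-sensitive substring.
def field_contains?(event, field, needle)
  value = event[field]
  value.is_a?(String) && value.include?(needle)
end

# Same idea with a Ruby regex, mirroring a Logstash `if [field] =~ /.../`
# conditional; /i covers sources that mix "warning" and "WARNING".
def field_matches?(event, field, regex)
  value = event[field]
  value.is_a?(String) && !(value =~ regex).nil?
end

# The conditional plus the add_field the post is trying to get working:
#   if "warning" in [message] { mutate { add_field => { "error" => "warning" } } }
def tag_warning(event, field: "message", needle: "warning")
  event["error"] = "warning" if field_contains?(event, field, needle)
  event
end

def process(lines, field: "message", needle: "warning")
  lines.map { |line| tag_warning(parse_syslog(line), field: field, needle: needle) }
end

# Only the events that actually received the error field.
def flagged(lines, **opts)
  process(lines, **opts).select { |e| e.key?("error") }
end

if __FILE__ == $PROGRAM_NAME
  flagged(SAMPLE_LINES).each { |e| puts "#{e['host']} #{e['program']}: #{e['log_message']}" }
  # The quoted form from the post compares two literals and is always false:
  puts "\"warning\" in \"log_message\" => #{"log_message".include?("warning")}"
end
```

Run against the sample, only the `clock_settime` line is flagged, whether you test `message` or the assumed `log_message` field; searching for `error` with the same operator finds the `SETTIME` line but not `RTC ERROR(16)`, which is the case-sensitivity caveat to keep in mind when a conditional "silently" skips lines.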