Log file to json

erkant · October 1, 2018, 8:00am

Hi,
I installed elasticsearch-6.4.1, kibana-6.4.1, logstash-6.4.1 and filebeat.6-4.1

filebeat.yml
#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log
   

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - var/log/test/*.log


#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.1.10:9200"]
  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"
 
-----------logstash.conf----------------
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.10:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

everything okey. when send message show kibana.

I have log file for example;
09-11-2018 03:02 : DTC Install error = 0, InstallContacts, Exit, com\complus\dtc\dtc\adme\deployment.cpp (389)

I want show kibana;
time:09-11-2018 03:02 DTC
field1: install error = 0
field2: InstallContacts
field3: Exit
fields4: com\complus\dtc\dtc\adme\deployment.cpp (389)

how can I do this?(to json )

ty for help

erkant · October 2, 2018, 6:21am

hi again!
i change logstash.conf file but continous problem

---------------------logstash.conf-------------------------
input {
  beats {
    port => 5044 
  }
}
filter {
  grok { match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{DATA:loglevel}%{SPACE}\]\[%{DATA:node}\s\]\s\[%{DATA:client}]\ %{GREEDYDATA:message}"}
}
}
output {
  elasticsearch {
    hosts => ["192.168.1.10:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}"
   document_type => "%{[@metadata][json]}"
  }
}

kibana grok debugger result

pjanzen · October 2, 2018, 7:19am

You are sending your data directly to elasticsearch so it does not matter what filter you have in logstash, it will never be used. Inside filebeat setup a logstash output.

erkant · October 2, 2018, 10:16am

thank you so much.

system · October 30, 2018, 10:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting the logs in filebeat log but not in kibana Beats filebeat	3	440	March 26, 2020
Error in filebeat when sending logs to kibana Beats	15	2470	May 14, 2019
Logstash and Filebeat on Windows Kibana	8	318	July 7, 2023
No output to Elasticsearch Logstash	2	1706	July 6, 2017
Can't send logs from filebeats to logstash Beats filebeat	5	4204	September 21, 2019

Log file to json

Related topics