I want to get the log level field in Kibana for all the logs.
For example,
2019-01-16 13:54:55,833 INFO [org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] (default task-29) Creating Service {http://www.GETWPWS.WBS2PRMI.com}GETWPWSService from WSDL: file:/var/acweb/properties/GtWp.wsdl
2019-01-16 13:54:55,929 ERROR [io.undertow.request] (default task-29) UT005023: Exception handling request to /agent/agentweb/tertiary_template.jsp: javax.servlet.ServletException: javax.servlet.ServletException: javax.servlet.ServletExc
eption: javax.servlet.jsp.JspException: No bean found under attribute key policyCorrespondenceDocumentList
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:286)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
I need to get the log level as INFO, ERROR, WARN, DEBUG ... In the above I have two entries: one is INFO and the other is ERROR. Is there any option to get these values for the log level field?
I tried using a grok filter but it didn't work.
As displayed, that is not a valid grok pattern. If you are posting a configuration please select it in the edit pane and click on </> in the toolbar above the pane.
What are you trying to achieve using the mutate filter?
Well, it will add a field called loglevel to the event. If you ingest that into elasticsearch then if kibana queries elasticsearch the field will be there.
filter {
  if "abcd" in [tags] {
    match => { "message" => ["^%{TIMESTAMP_ISO8601:timestamp1} %{LOGLEVEL:loglevel}"] }
  }
}
[2019-01-16T14:57:37,361][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.4.1"}
[2019-01-16T14:57:37,623][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, { at line 68, column 8 (byte 1092) after filter {\n if "abcd" in [tags] {\n match ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:38:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:309:inblock in converge_state'"]}
The timestamp1 and loglevel fields should be displayed as in the image below.
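The following pipeline is an added example, not a configuration posted by anyone in the thread. It shows the posted `match` option placed inside a `grok { }` block, which is what the parser error ("Expected one of #, {" after `match`) is asking for, and it keeps stack-trace lines attached to the event that carries the level. The stdin input, the stdout output, the failure tag name and the date format string are assumptions made for local testing; the `abcd` tag and the field names come from the posted configuration.

```logstash
# Added example for local testing; input and output are assumptions.
input {
  stdin {
    tags => ["abcd"]
    # Lines that do not start with a timestamp (stack-trace "at ..." lines,
    # wrapped exception text) are appended to the previous event, so the
    # whole ERROR entry becomes one event with one loglevel.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate  => true
      what    => "previous"
    }
  }
}

filter {
  if "abcd" in [tags] {
    # "match" is an option of the grok filter, so it must sit inside grok { }.
    grok {
      match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp1} %{LOGLEVEL:loglevel}" }
      # Hypothetical tag name: makes unparsed events easy to find in Kibana.
      tag_on_failure => ["_loglevel_parse_failure"]
    }
    # Use the application's own timestamp as the event time.
    # TIMESTAMP_ISO8601 accepts the comma before the milliseconds.
    date {
      match => ["timestamp1", "yyyy-MM-dd HH:mm:ss,SSS"]
    }
  }
}

output {
  # Prints every field of each event, including timestamp1 and loglevel.
  stdout { codec => rubydebug }
}
```

Without the multiline step, every `at org.apache...` line would arrive as its own event, fail the grok match and have no `loglevel` field. The syntax can be checked before starting the pipeline with `bin/logstash -f <file> --config.test_and_exit`.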