I'm using Logback and Logstash in a Spring Boot application.
In the logback.xml I have a property with the name of the service, and it is like:
<configuration>
    <include resource="org/springframework/boot/logging/logback/defaults.xml" />
    <include resource="org/springframework/boot/logging/logback/console-appender.xml" />
    <property name="spring.application.name" value="service" scope="context"/>
    <appender name="stash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <destination>localhost:9600</destination>
        <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
    </appender>
    <root level="INFO">
        <appender-ref ref="CONSOLE" />
        <appender-ref ref="stash" />
    </root>
</configuration>
The Logstash conf file is like:
input {
  tcp {
    port => 9600
    host => logstash
  }
}
filter {
  grok {
    match => {
      "message" =>
        "^%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:level}\s+%{NUMBER:pid}\s+---\s+[\s*%{USERNAME:thread}\s*]\s+%{JAVAFILE:class}\s*:\s*%{DATA:themessage}(?:\n+(?(?:.|\r|\n)+))?$"
    }
  }
  date {
    match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
  }
  mutate {
    remove_field => ["@version"]
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch"]
    index => "indice"
  }
  stdout {}
}
The log is the following:
28T00:34:53.198+00:00","@version":1,"message":"Entrada de datos incompletos","logger_name":"com.empresa.miAlquiler.controllers.UserController","thread_name":"http-nio-7777-exec-2","level":"INFO","level_value":20000,"HOSTNAME":"8fe48aff9ca8","spring.application.name":"visit-service","X-Span-Export":"false","X-B3-SpanId":"1cccc5c7252100c4","X-B3-TraceId":"1cccc5c7252100c4"} tags:_grokparsefailure
But the problem is that the property appears in the log, but within the "message" field. I want to have the property as a field (outside of message), to filter the logs with Kibana.
Is there any way to do that?
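
An added example, not part of the original question: LogstashEncoder writes each event as one JSON object per line, so a tcp input using the `json_lines` codec decodes every key (including `spring.application.name`) into its own event field, and the grok filter, which expects the plain console layout, is no longer needed. Port, host, Elasticsearch hosts and index are copied from the configuration above; only the codec line and the removal of grok/date are new.

```logstash
input {
  tcp {
    port => 9600
    host => logstash
    # LogstashEncoder sends one JSON document per line; decode it here
    # instead of storing the raw JSON text in "message".
    codec => json_lines
  }
}
filter {
  # No grok or date filter: the codec has already turned every JSON key
  # (level, logger_name, thread_name, spring.application.name, ...) into an
  # event field, and @timestamp is taken from the JSON itself.
  mutate {
    remove_field => ["@version"]
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch"]
    index => "indice"
  }
  stdout {}
}
```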