Our task was Read both Apache and Springboot log file and add a tag name as given below, to differentiate the logs.
- Apache logfile -> apacheLog
- spring-boot logfile -> javaLog
Print the standard output and write it to /usr/share/logstash/output.txt file
we written code as below which is not working please help us -
input {
file {
type => "apache"
path => [ "/usr/share/logstash/logstash-tutorial.log" ]
start_position => "beginning"
ignore_older => 0
}
file {
type => "java"
path => [ "/usr/share/logstash/Application-Log/springboot3.log" ]
codec => multiline {
pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
negate => "true"
what => "previous"
}
}
}
filter {
if [message] =~ "%{COMBINEDAPACHELOG}" {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
add_tag => ["apacheLog"]
}
if [message] =~ "\tat" {
grok {
match => ["message", "^(\tat)"]
add_tag => ["JavaLog"]
}
}
output {
stdout {
codec => 'rubydebug'
}
file {
path => "/usr/share/logstash/output.txt"
}
}