Logstash Data Filter

Bheeshma · February 17, 2018, 4:31pm

Hi,

I have application log file with user log in and logout details , number of users logged in to the application and the status of the application in the below format recorded in App.log file.

[Tue Oct 17 12:15:01 2017]Local/App0///14296/Info(1051187)

Logging in user [admin@Native Directory] from [::ffff:10.77.2.1

I tried filter the data using below statement, it is never showing anything onto Kibana... Can you please guide how to filter if the logs recorded in the above format

input {
file {
path => "/var/lib/logstash/APP.LOG"
start_position => "beginning"
}
}

filter {
grok {
match => { "message" => "%{TIMESTAMP:dd MM YY HH:MM:SS} %{WORD:message}" }
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Thanks
Bheeshma

magnusbaeck · February 18, 2018, 2:28pm

You've misunderstood how the grok filter works. You have also conflated it with the date filter. Try using the grok constructor web site to get help building your grok expression.

system · March 18, 2018, 2:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash grok filter partial working Logstash	2	574	March 1, 2019
Need help with the grok and the date filter for parsing logs Logstash	29	2720	July 25, 2017
Log not show in kibana after filter in logstash Logstash	1	365	September 21, 2018
Logstash - filter message Logstash	3	232	April 23, 2020
How to Filter log base on log line Logstash	6	1039	May 7, 2018

Logstash Data Filter

Related topics