Logstash Data Filter

Bheeshma · February 17, 2018, 4:31pm

Hi,

I have application log file with user log in and logout details , number of users logged in to the application and the status of the application in the below format recorded in App.log file.

[Tue Oct 17 12:15:01 2017]Local/App0///14296/Info(1051187)

Logging in user [admin@Native Directory] from [::ffff:10.77.2.1

I tried filter the data using below statement, it is never showing anything onto Kibana... Can you please guide how to filter if the logs recorded in the above format

input {
file {
path => "/var/lib/logstash/APP.LOG"
start_position => "beginning"
}
}

filter {
grok {
match => { "message" => "%{TIMESTAMP:dd MM YY HH:MM:SS} %{WORD:message}" }
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Thanks
Bheeshma

magnusbaeck · February 18, 2018, 2:28pm

You've misunderstood how the grok filter works. You have also conflated it with the date filter. Try using the grok constructor web site to get help building your grok expression.

system · March 18, 2018, 2:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter Grook Logstash	2	214	April 13, 2020
Grok filter for log files in logstash Logstash	14	2475	February 7, 2020
Problem with Grok filter with my logfile Logstash	2	600	July 6, 2017
How can I filter certain information from the logs? Kibana	8	446	December 6, 2023
How to filter my logs Logstash	9	517	June 29, 2018

Logstash Data Filter

Related Topics