Logstash : Filter Error message from Logs

Moulika_Magatapalli1 · December 21, 2018, 2:31pm

Hi , I am using Logstash to parse and filter the data. The input data looks something like this:

------------------------------------------------------
Environment File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name:  org/apache/catalina/core/ContainerBase/jboss/web/default-host/........... Path
------------------------------------------------------
Reading Environment Error File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name: org/apache/catalina/core/ContainerBase/jboss/web/default-host/.....
org/apache/catalina/core/ContainerBase/jboss/web/default-host........
.....Path.  Fri Dec  7 09:31:18 2018

Lock failed on recovery file org/apache/catalina/core/ContainerBase/jboss/web/default-host/
because the .......
....... text.

------------------------------------------------------
Reading Error  Files - 12/07/2018 09:31:19
------------------------------------------------------

The Error message contains multiple lines and no common pattern. How to filter Errors only from logs ?

NerdSec · December 24, 2018, 4:29am

This is a multi-line log. How are you consuming this data?

Filtering data should ideally be done as close to the source of data. If you are using Filebeat, they have multi-line support. You could use the regex check to consume only the data that you need.

system · January 21, 2019, 4:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.