Logstash : Filter Error message from Logs

Moulika_Magatapalli1 · December 21, 2018, 2:31pm

Hi , I am using Logstash to parse and filter the data. The input data looks something like this:

------------------------------------------------------
Environment File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name:  org/apache/catalina/core/ContainerBase/jboss/web/default-host/........... Path
------------------------------------------------------
Reading Environment Error File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name: org/apache/catalina/core/ContainerBase/jboss/web/default-host/.....
org/apache/catalina/core/ContainerBase/jboss/web/default-host........
.....Path.  Fri Dec  7 09:31:18 2018

Lock failed on recovery file org/apache/catalina/core/ContainerBase/jboss/web/default-host/
because the .......
....... text.

------------------------------------------------------
Reading Error  Files - 12/07/2018 09:31:19
------------------------------------------------------

The Error message contains multiple lines and no common pattern. How to filter Errors only from logs ?

NerdSec · December 24, 2018, 4:29am

This is a multi-line log. How are you consuming this data?

Filtering data should ideally be done as close to the source of data. If you are using Filebeat, they have multi-line support. You could use the regex check to consume only the data that you need.

Topic		Replies	Views
Logstash - parse/ filter lines having a specific string Logstash	5	1050	December 2, 2021
Using logstash, How to filter Errors only from logs? Logstash	10	15247	November 4, 2022
How to filter only error from log file Logstash	10	17257	July 7, 2017
How can I Filter Error logs Logstash	1	295	December 30, 2019
Allow logstash to store multi-line messages Logstash	2	424	June 14, 2018

Logstash : Filter Error message from Logs

Related topics