Logstash Filter Issue and Kibana

wtran168 · June 18, 2017, 12:31pm

I'm having an issue with my logstash filter. The fields are not showing up in Kibana. I can't see what I'm doing wrong.

I have used the rubydebug and the output looks fine.

grok {
  match => { "message" => "%{DATE} %{TIME} \[%{DATA:class}\] \[%{DATA:method}\] \[%{DATA:user}\] \[%{DATA:organization}\] \[%{DATA:workspace}\] \[%{DATA:duration_ms}\] \[%{DATA:url}\] \[%{DATA:parameters}\] \[%{DATA:service}\] \[%{DATA:status}\] \[%{DATA:status_code}\] \[%{DATA:service_error}\] \[%{DATA:message_id}\]" }
}
date {
  match => [ "timestamp" , "dd/MM/yyyy HH:mm:ss.SS" ]
}

Sample of the input:
15/06/2017 21:10:19.629 [controller.content.FolderRESTJsonController] [getFolderContents] [UserID] [OrganizationID] [WorkspaceID] [34] [/tisco/documents/api/1.0/folders/FLD_ROOT] [] [FLD_BROWSE] [SUCCESS] [200] [] []
15/06/2017 21:10:31.159 [controller.content.FolderRESTJsonController] [getFolderContents] [UserID] [OrganizationID] [WorkspaceID] [8] [/tisco/documents/api/1.0/folders/FLD_ROOT] [] [FLD_BROWSE] [SUCCESS] [200] [] []

Please point me to where I might be doing something wrong.

magnusbaeck · June 19, 2017, 9:26pm

The fields are not showing up in Kibana.

What, exactly, do you mean by this? Where aren't they showing up?

system · July 17, 2017, 9:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.