Logstash Newbie


(April Rollon) #1

Using Filebeat and Logstash, I'm having trouble with my grok pattern.

Here's my sample.conf:

input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => { "message" => "%{DATE:logdate}%{SPACE}%{NUMBER:collected_files}%{SPACE}%{NUMBER:active_file_collection}%{SPACE}%{NUMBER:docker_user_cpu_usage}%{SPACE}%{NUMBER:docker_system_cpu_usage}%{SPACE}%{NUMBER:docker_IO_waiting_time}%{SPACE}%{NUMBER:docker_%mem_usage}%{SPACE}%{NUMBER:vm_user_cpu_usage}%{SPACE}%{NUMBER:vm_sys_cpu_usage}%{SPACE}%{NUMBER:vm_IO_waiting_time}%{SPACE}%{NUMBER:vm%_mem_usage}%{SPACE}%{NUMBER:%_threads_running}"}
  }
  date {
    match => [ "logdate", "dd-mm-yyyy hh:mm:ss" ]
  }
}
output {
  stdout { codec => rubydebug }
}

And the Logstash output:

{
          "host" => {
        "name" => "PET"
    },
      "@version" => "1",
    "prospector" => {
        "type" => "log"
    },
    "@timestamp" => 2018-10-12T07:17:51.919Z,
        "offset" => 4454,
       "message" => "06-05-2018 22:00:44 761 198 8.0 0.8 0.1 98.00 8.0 0.8 0.1 60.00 0.0000",
        "source" => "/var/log/logstat_pet.log",
         "input" => {
        "type" => "log"
    },
          "tags" => [
        [0] "beats_input_codec_plain_applied",
        [1] "_grokparsefailure"
    ],
          "beat" => {
        "hostname" => "PET",
         "version" => "6.4.2",
            "name" => "PET"
    }
}

I hope there's someone who could help me debug this.

Thanks in advance.
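
A corrected version of the pipeline above, as an added example that is not part of the original post: `%{DATE}` consumes only `06-05-2018`, so the following `%{NUMBER}` tokens run into `22:00:44` and the match fails, which is what produces `_grokparsefailure`. Assumptions: the date is day-first (as the poster's `dd-...` format implies), date and time are separated by a single space, and the `pct` field names are replacements chosen here for the names that contained `%`.

```logstash
input {
  beats {
    port => 5044
  }
}

filter {
  grok {
    # Capture date AND time together; DATE alone stops after "06-05-2018"
    # and leaves "22:00:44" for the NUMBER tokens, which cannot match ":".
    # Capture names use only letters, digits and underscores; "pct" stands in
    # for "%" (names chosen for this example, not taken from the post).
    # The :int / :float suffixes store the values as numbers instead of strings.
    match => {
      "message" => "^(?<logdate>%{DATE_EU} %{TIME})%{SPACE}%{NUMBER:collected_files:int}%{SPACE}%{NUMBER:active_file_collection:int}%{SPACE}%{NUMBER:docker_user_cpu_usage:float}%{SPACE}%{NUMBER:docker_system_cpu_usage:float}%{SPACE}%{NUMBER:docker_IO_waiting_time:float}%{SPACE}%{NUMBER:docker_pct_mem_usage:float}%{SPACE}%{NUMBER:vm_user_cpu_usage:float}%{SPACE}%{NUMBER:vm_sys_cpu_usage:float}%{SPACE}%{NUMBER:vm_IO_waiting_time:float}%{SPACE}%{NUMBER:vm_pct_mem_usage:float}%{SPACE}%{NUMBER:pct_threads_running:float}"
    }
  }

  date {
    # MM is month (mm is minutes) and HH is the 24-hour clock
    # (hh is 1-12, so an hour of "22" would fail to parse).
    match => [ "logdate", "dd-MM-yyyy HH:mm:ss" ]
  }
}

output {
  stdout { codec => rubydebug }
}
```

With the sample line from the post, `@timestamp` is then taken from `logdate` rather than from the time Filebeat read the line, and a `_dateparsefailure` tag would indicate a remaining mismatch in the date format.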

