DEBUG 20161219T172835.101-05:00 59 Client start
DEBUG 20161219T172835.101-05:00 59 Client v=1
DEBUG 20161219T172835.101-05:00 59 Client v=2
DEBUG 20161219T172835.461-05:00 59 Client end
INFO 20161219T172835.461-05:00 - Initializing v
INFO 20161219T172835.461-05:00 - v initialized
DEBUG 20161219T172734.179-05:00 30 Client start
DEBUG 20161219T172734.179-05:00 30 Client v=4
DEBUG 20161219T172734.179-05:00 30 Client v=5
DEBUG 20161219T172734.539-05:00 30 Client end
Now i want to capture all the events occurred between keywords "start" & "end" . Could anyone suggest how write configuration for logstash or any DSL query to achieve this...
Thanks
Right, but what do you have, what config?
I don't want to come across rude, but we aren't going to write if for you. We're more than happy to help you adapt what you have though
If you want to discard start/end lines, you can simply use something like :
if [message] =~ "start|end" {
drop{}
}
If you want that log lines "v=INT" are aggregated into only one document, then you have to use aggregate filter.
And if so, what is the final expected document ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.