Logstash - Saving Soap/Rest Request

rakesh76 · December 10, 2015, 7:57pm

Hi

I am very new to elastic search and logstash so need guidance.

We are having different environment e.g dev1, dev2, test, For each environment there is log4 log file which contains soap/rest request.
I am able to parse those file using GROK pattern and able to save in ES.
Our Soap/REST and request/response is having one of the filed called transaction id

e.g message": [
<n:transactionId>f6095126-5397-4f60-8669-c17ff0486c74</n:transactionId>
remaining another 40 elements. ...
]

my search query should be "environment=? and transactionId=?"

How can I achieve this ?

Thanks

magnusbaeck · December 11, 2015, 8:09am

Use the xml filter to parse the message and extract the transaction id into a field of its own. To get the environment name into each event, use add_field in the input declaration:

input {
  file {
    ...
    path => "/some/path/dev1.log"
    add_field => {
      "environment" => "dev1"
    }
  }
}

rakesh76 · December 11, 2015, 3:21pm

Thanks magnusbaeck for your reply.