Logstash to parse custom exception log

bamboomy · November 13, 2019, 10:59am

Dears,

I know there are a lot of tutorials and examples with almost an answer but I don't seem to get it right...

I want to parse exception logs

and they are in the following format:

ERROR (some data that I like to parse)
(some other data)

(the stacktrace)
at ...
Caused by: ...
at ...
ERROR (some data that I like to parse)
(next event)

I seem to manage to get all the data in an event except for the ERROR line with:

input {
file {

    path => "/exception_log4j.log.1"

    codec => multiline {
            pattern => "ERROR"
            negate => "true"
            what => "next"
    }

    sincedb_path => "/dev/null"

    start_position => "beginning"
  }

}

filter {

            grok {
                      match => {"message" => "%{GREEDYDATA:data}"}
            }

}

output{

    stdout { codec => rubydebug }

}

If I set negate to "false" any line is matched...

How do I get this data in one event and also the data of the ERROR line?

Or which other approach should I take?

Thanks for reading an it would be grand if you can help me a hand...

Best regards,

S.

system · December 11, 2019, 10:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with Parsing Multiline StackTrace Logstash	5	2796	July 31, 2019
Grok filter cannot parse log lines that are AFTER a multiline event Logstash	8	1960	July 6, 2017
Issue with custom parsing in grok filter Logstash	3	320	May 8, 2019
Grok pattern for java exceptions Logstash	2	1395	July 6, 2017
How may I get only ERROR related logs from my stack trace? Logstash	5	1679	September 17, 2018

Logstash to parse custom exception log

ERROR (some data that I like to parse) (some other data)

Related topics

ERROR (some data that I like to parse)
(some other data)