Hi,
I want to parse log file and keep the count of various messages per minute
I got the following config working for counting one type of message -. So below config is counting log lines containing "PixelLogParseAndEnrichFunc Entry" in a line.
I have 10-15 such different messages appearing in the log and want to get the count for each message per minute.
What is the best way to templatize this counting of messages? There has to be some better way than repeating these 25 lines ten times more.
filter {
grok {
match => ["message", "(?<input_pixel_log_event>PixelLogParseAndEnrichFunc Entry)"]
add_tag => "input_pixel_event"
}
if "input_pixel_event" in [tags] {
metrics {
meter => [ "input_pixel" ]
clear_interval => 60
flush_interval => 60
#timer => { "input_pixel" => "%{duration}" }
add_tag => "input_pixel_metric"
}
}
}
output {
if "input_pixel_metric" in [tags] {
file {
codec => line {
format => "input_pixel_metric_count: %{[input_pixel][count]}"
}
path => "/tmp/vaibhav_logstash_op"
}
}
}