Multiple logs showing Kibana

anmohamed · March 31, 2020, 1:48am

Current Config is

filter {
grok {
patterns_dir => ["./patterns"]
match => { "message" => "[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}" }
}
}

Here kibana Message is showing method. I want to make those to separate. Could you please help me to do that

and I have 2 logs format. I want to run it from a single conf file.

%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} %{GREEDYDATA:mongodb.log.context} %{GREEDYDATA:mongodb.log.message}

Mike.Barretta · April 1, 2020, 3:14pm

Not an answer, but a suggestion: Have you looked at the MongoDB module for Filebeat? It'll parse everything for you (no grok!) and build you a dashboard automatically.

system · April 29, 2020, 3:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.