My conf file not working

Hi. I need help with my log. I need to parse local log information about errors in a web app into Elasticsearch. I'm a novice, and my superiors asked me to study how Logstash and conf files work. Time is almost up, but I'm stuck making a conf file for my logs... Please advise me how to parse this example log:

```
<16203> <2018.01.24 00:02:35:135> <INFO> Used version of app: 1.0.4
<16210> <2018.01.24 00:02:35:135> <INFO> Starting test report: FO_002_001_report (Сравнение МО по источникам финансирования дефицитов бюджетов) (001)
<16217> <2018.01.24 00:02:35:135> <INFO> Report description: uuid=96a06aec-2ca7-404d-bd85-392e6437ac3c, version=16.11.2015 05.45.55.000
<16257> <2018.01.24 00:02:35:135> <INFO> parameter mobileConfig=undefined
<16296> <2018.01.24 00:02:35:135> <INFO> report downloading http://budget.mosreg.ru/static-report/web/report-desktop-war.html?reportId=96a06aec-2ca7-404d-bd85-392e6437ac3c&version=16.11.2015%2005.45.55.000&device=Desktop&debug=true
<16303> <2018.01.24 00:02:35:135> <INFO> Frame creation
<16870> <2018.01.24 00:03:05:15> <ERROR> WRFT-0008. Error to access WebReports.
```

If the log has errors, its name will be something like this: FAILURE_FO_002_004_detailReport_9743c668-29fd-4369-a763-1508412dd713
If the log doesn't have errors, its name will be like this: SUCCESS_FO_002_004_detailReport_9743c668-29fd-4369-a763-1508412dd713

All logs will be local. I need information in Kibana:

  1. Errors
  2. Successes
  3. Names of the reports that were tested (FO_002_004_detailReport_9743c668-29fd-4369-a763-1508412dd713 for example)
  4. Filter by report name
  5. URL of the report (Example - http://budget.mosreg.ru/static-report/web/report-desktop-war.html?reportId=96a06aec-2ca7-404d-bd85-392e6437ac3c&version=16.11.2015%2005.45.55.000&device=Desktop&debug=true)
  6. Timestamp
  7. Other filter information, etc.

Using Bitnami ELK 6.2.2-0

My example conf file:

```
input {
  file {
    path => "/opt/bitnami/logstash/wildfly_logs"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }
}
output {
  elasticsearch {
    hosts => [ "127.0.0.1:9200" ]
  }
}
```

Please help me to parse my first log)
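A pipeline that fits the sample lines above, as an added example that is not part of the original post: it splits each line into its bracketed fields, takes the result and report name from the file name, and pulls the URL out of the "report downloading" line. Assumptions: `wildfly_logs` is a directory (hence the glob), the file names have no extension, and the field names `counter`, `millis`, `log_time`, `log_message`, `result`, `report_name`, `report_url`, the tag `_filename_not_matched` and the index name `webreports-*` are made up for this example.

```logstash
input {
  file {
    # Assumption: wildfly_logs is a directory, so a glob is needed to read the files inside it
    path => "/opt/bitnami/logstash/wildfly_logs/*"
    start_position => "beginning"
    # Testing only: forget read positions so the files are re-read on every restart
    sincedb_path => "/dev/null"
  }
}

filter {
  # Line layout: <16203> <2018.01.24 00:02:35:135> <INFO> free text
  # Milliseconds are kept separate because they are not zero-padded (e.g. "00:03:05:15")
  grok {
    match => { "message" => "^<%{INT:counter}> <(?<log_time>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}):%{INT:millis}> <%{LOGLEVEL:level}> %{GREEDYDATA:log_message}$" }
  }

  # Use the time written in the log line (to the second) as the event @timestamp
  date {
    match => [ "log_time", "yyyy.MM.dd HH:mm:ss" ]
  }

  # The file input stores the source file name in the "path" field (Logstash 6.x)
  # FAILURE_FO_002_004_detailReport_<uuid> -> result=FAILURE, report_name=FO_002_004_detailReport_<uuid>
  grok {
    match => { "path" => "(?<result>SUCCESS|FAILURE)_(?<report_name>[^/]+)$" }
    tag_on_failure => [ "_filename_not_matched" ]
  }

  # Only the "report downloading" line carries the URL, so do not tag the other lines as failures
  grok {
    match => { "log_message" => "^report downloading %{NOTSPACE:report_url}" }
    tag_on_failure => []
  }
}

output {
  elasticsearch {
    hosts => [ "127.0.0.1:9200" ]
    index => "webreports-%{+YYYY.MM.dd}"
  }
}
```

With these fields indexed, Kibana can filter on `level:ERROR`, `result:FAILURE` or `result:SUCCESS`, and on `report_name`; events tagged `_grokparsefailure` are lines that did not fit the bracketed layout.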
