Hi Team,
I have created the portal.conf and input log file then restarted the logstash . Logstash started with out any error but not processing any records.I have mentioned portal.conf /input log file.Please help me with some suggestions.Thanks in advance
Portal.conf:
input {
file {
path => [ "/opt/glassfish8/glassfish/domains/domain1/config/logs/portal_transaction.log" ]
#start_position => "beginning"
sincedb_path => "/etc/logstash/Portal.sincedb"
type => "portal_transactionlog"
}
}
filter {
if ([type] == "portal_transactionlog") {
grok {
match => ["message","%{DATA:requestTime},%{DATA:BusinessCategory},%{DATA:spId},%{DATA:appId},%{DATA:fromNEType},%{DATA:toNEType},%{DATA:incidentCount},%{DATA:result},%{DATA:subId},"]
}
}
mutate{
gsub => [
"host",".","",
"BusinessCategory",".",""
]
}
metrics {
meter => ["metrics.%{host}.%{appId}.%{BusinessCategory}.%{result}"]
timer => ["metrics.%{host}.%{appId}.F10lat","%{incidentCount}"]
clear_interval => 60
flush_interval => 60
rates => []
percentiles => []
}
}
output {
graphite {
host => "*******"
port => ****
fields_are_metrics => true
exclude_metrics => ["%{[^}]+}", "requestTime","incidentCount","BusinessCategory","spId","appId","fromNEType","toNEType","resultCode","subId","host","message","type","path"]
resend_on_failure => true
}
}
Input log file:
2020-05-08 04:51:37.246,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,20,PASS,9e62-e24d97076065,
2020-05-08 05:51:37.342,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,30,PASS,9e62-e24d97076075,
2020-05-08 06:51:37.246,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,40,PASS,9e62-e24d97076085,
2020-05-08 07:51:37.213,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,50,PASS,9e62-e24d97076095,
2020-05-08 08:51:37.213,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,50,PASS,9e62-e24d97076100,
2020-06-08 08:51:37.213,SB.SUBS@FE_Service,XXXXX,FE_Service,XXXX_FE,SB_XXXX,50,PASS,9e62-w23497077100,
logstashlog:
[2020-05-11T14:48:58,961][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.8.3"}
[2020-05-11T14:49:05,958][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2020-05-11T14:49:06,536][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x24baebb9 sleep>"}
[2020-05-11T14:49:06,582][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2020-05-11T14:49:06,607][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2020-05-11T14:49:06,881][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-05-11T14:52:19,539][WARN ][logstash.runner ] SIGTERM received. Shutting down.
[2020-05-11T14:52:19,652][INFO ][filewatch.observingtail ] QUIT - closing all files and shutting down.
[2020-05-11T14:52:20,298][INFO ][logstash.pipeline ] Pipeline has terminated {:pipeline_id=>"main", :thread=>"#<Thread:0x24baebb9 run>"}
[2020-05-11T14:52:20,323][INFO ][logstash.runner ] Logstash shut down.
[2020-05-11T14:58:08,283][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.8.3"}
[2020-05-11T14:58:15,007][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2020-05-11T14:58:15,579][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x23734df4 run>"}
[2020-05-11T14:58:15,634][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2020-05-11T14:58:15,650][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2020-05-11T14:58:15,893][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}