There is no field for Severity/Priority in log4j logs.
Logstash version 2.2.x
log4j config:
log4j.rootLogger=stdout
log4j.appender.stdout=org.apache.log4j.net.SocketAppender
log4j.appender.stdout.port=5050
log4j.appender.stdout.remoteHost=x.x.x.x
logstash config:
input {
  log4j {
    port => 5050
    type => 'log4j'
    codec => "json"
  }
}
output {
  elasticsearch {
    hosts => ['172.30.0.148:9200']
  }
}
And a log looks like:
@timestamp July 1st 2016, 11:30:18.775
@version 1
_id AVWlCybQRaRyYuJtS1Ke
_index logstash-2016.07.01
_score
_type log4j
host x.x.x.x
message ZmdcCopyLookupRequiredZndcLookupRequiredJ timeStampLcategoryNametLjava/lang/String;LlocationInfot#Lorg/apache/log4j/spi/LocationInfo;LamdcCopytLjava/util/Hashtable;Lndcq~LrenderedMessageq~L
port 60165
tags _jsonparsefailure
type log4j
I used a filter from the git page below.
But there were configuration errors and logstash stops running while using this filter.
How can I add a severity field here?