Here is my configuration file.
input {
  file {
    path => "/home/kunal/Desktop/log/accessWeblogic.log"
    start_position => beginning
    ignore_older => 0
  }
}
filter {
  grok {
    match => { "message" => " %{IP:cleintIP} - - [(?%{MONTHDAY}[/]%{MONTH}[/]%{YEAR}:%{TIME}\s+%{ISO8601_TIMEZONE})] "%{WORD:method} %{URIPATHPARAM:uri}\s+HTTP.+?" %{NUMBER:status} %{NUMBER:bytes}"}
  }
  date {
    match => [ "timestamp" ,"dd/MMM/yyyy:HH:mm:ss Z"]
  }
}
output {
  elasticsearch {}
  stdout { codec => rubydebug }
}
After executing Logstash, I am getting a grok failure under tag. Below is the output for the logstash command:
===================================
/ELK/logstash-2.2.2/bin$ ./logstash -f weblogicAccesspattern.conf
Settings: Default pipeline workers: 1
Logstash startup completed
{
"message" => ":34c3:90a4:9e3b - - [15/May/2016:12:16:23 +0530] "GET /favicon.ico HTTP/1.1" 404 1164",
"@version" => "1",
"@timestamp" => "2016-06-22T09:33:59.626Z",
"path" => "/home/kunal/Desktop/log/accessWeblogic.log",
"host" => "kunal-VirtualBox",
"tags" => [
[0] "_grokparsefailure"
]
}
===================================
Below are the log entries for which I am trying to get the log analysis:
0:0:0:0:0:0:0:1 - - [03/Apr/2016:10:35:57 +0530] "GET /favicon.ico HTTP/1.1" 404 1164
I tried to use the Apache log format, but an error is coming on " "
Regards,
Kunal