Nothing outputting at all

Jaxon_Kochel · May 22, 2017, 3:49pm

So I'm assuming i broke my config file somewhere as I'm no longer getting terminal output for any files, and they havent yet been read. I'm not getting nay terminal errors, is there any way for me to debug what is going on? I'll add in my config file. Yes I know there is a lot of redundant stuff that is in it.

input {
file {

path => "/home/jaxon/Documents/sampleLogs/cluster.2016-04-17-08.log"


start_position => "beginning"

}
}

filter{
if [path] =~ "access"{
mutate { replace => { "type" => "AccessLog" } }
grok{
match => { "message" => "%{DATESTAMP:timestamp} %{LOGLEVEL:severity} ?[%{WORD:package}] %{GREEDYDATA:message}" }

}
mutate{
  add_field => {"timestampTest" => "%{timestamp}"}
}
date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss,SSS"]

}
}

if [path] =~ "cluster"{
mutate { replace => { "type" => "ClusterLog" } }
grok{
match => { "message" => "%{DATESTAMP:timestamp} %{LOGLEVEL:severity}\s* [%{NOTSPACE:package}] %{GREEDYDATA:message}"
}

}
mutate{
  add_field => {"timestampTest" => "%{timestamp}"}
}
date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss,SSS"]

}
}

if [path] =~ "deployment"{
mutate { replace => { "type" => "DeployLog" } }
grok{
  match => { "message" => "%{DATESTAMP:timestamp} %{LOGLEVEL:severity}\s* \[%{NOTSPACE:package}\] %{GREEDYDATA:message}"
  }
  
}
mutate{
  add_field => {"timestampTest" => "%{timestamp}"}
}
date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss,SSS"]

}
}

if [path] =~ "ebi.server.error"{
mutate { replace => { "type" => "EbiServerErrorLog" } }
grok{
match => { "message" => "%{DATE:date} -? ?%{TIME:time} %{LOGLEVEL:severity} ?[%{NOTSPACE:package}]\ ?%{GREEDYDATA:message}"
}

}
mutate{
  add_field => {"timestampTest" => "%{date} %{time}"}
}

date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss,SSS"]
}

}

else if [path] =~ "server2"{
mutate { replace => { "type" => "server log" } }
grok{
match => { "message" => "%{MONTHNUM:month}/%{MONTHDAY:daynumber}/%{YEAR:year} -? ?%{TIME:time} %{WORD:AM/PM} ?[%{LOGLEVEL:severity}\s*] [%{NOTSPACE:package}] %{GREEDYDATA:message}"
}

}
mutate{
  add_field => {"timestampTest" => "%{year}-%{month}-%{daynumber} %{time}"}
}

date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss.SSS"]
}

}
else if [path] =~ "server."{
mutate { replace => { "type" => "Server.Log" } }
grok{
match => { "message" => "%{DATESTAMP:timestamp} %{LOGLEVEL:severity}\s* [%{NOTSPACE:package}] %{GREEDYDATA:message}"}

}
mutate{
  add_field => {"timestampTest" => "%{timestamp}"}
}

date {
match => [ "timestampTest" , "yy-MM-dd HH:mm:ss,SSS"]
}

}

output {

stdout { codec => rubydebug }
}

Jaxon_Kochel · May 22, 2017, 6:41pm

self resolved

system · June 19, 2017, 6:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.