Parse specific file text

Beuhlet_Reseau · January 25, 2017, 1:49pm

Hello,

I have some lines in a file text and i want parse it with logstash to create graph.

I'm begginers to use logstash.

Here few examples of file text, each hour new lines are copied in:

20170123215959;Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume;Appli1;376622
20170123215959;Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume;Appli2;464431  
20170123215959;Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume;Appli3;79
20170123215959;Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume;Appli4;60

20170123215959;Volume_data_heure-C-FWK-BMA-EDR-1-VolumeTot;900450

At the end, i want Five Graphs (4 applis + one total) alimented each hour.

It's possible ? If yes whats ?

PS : I have a file conf in /etc/logstash/conf.d/syslog.conf (it's retrieves syslog message). I must create a new conf file named for example volume_hour.conf ? or write in the conf file existant ?

Beuhlet_Reseau · January 25, 2017, 3:54pm

I try this to cut my line correctly :

%{DATE:date};%{WORD:compteur};%{WORD:Appli};%{INT:Volume}

Beuhlet_Reseau · January 26, 2017, 10:00am

I have found this syntax to cut correctly my line :

20170123215959;Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume;Appli1;88582

%{DATA:date}[;]%{DATA:nom_compteur}[;]%{DATA:zone}[;]%{INT:volume}

{
"date": [
"20170123215959"
],
"nom_compteur": [
"Volume_data_hour-C-FWK-BMA-EDR-2-Zone-Volume"
],
"zone": [
"Europe"
],
"volume": [
"88582"
]
}

system · February 23, 2017, 10:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.