Parse the logs

Hi all,

Currently, we are using filebeat to get the logs from kubernetes. But we would like to parse the logs for better usage. Is there any possibility to do that?

Note: The message is too long and using a filter did not work as expected. This is because the message contained repeated words in the same log and we could not get the expected result.

Thanks,
Kanthi.

Which logs exactly?

I want to filter this kind of log. I have a bunch of logs and want to drill down further, but since they are together in the message field I cannot do that.

For instance, if my message is like
HTTP/1.1" 200 33 "https://*****" and Chrome/200.0.3325.181 Safari/537.36"

I cannot filter the logs with 200 as the message contains 200 twice. The solution for this will be to parse the logs or separate into different fields.

Is this possible?

Thanks,
Kanthi.

Please don't post pictures of text; they are difficult to read and some people may not even be able to see them.

However, have you looked at Logstash for this?

@warkolm sorry and thanks for the tip.

I haven't checked that as we are using filebeat and metricbeat already. Does Logstash have that feature?

Logstash is made for parsing data that filebeat ships, so yep.
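
The problem discussed in this thread, shown as an added example that is not code from any poster or from Logstash itself: a substring search for 200 over the raw message matches the byte count and the Chrome version as well as the status code, while splitting the message into fields lets the status be filtered on its own. The combined access-log layout and the sample lines are assumptions constructed for illustration; the thread shows only the tail of one message.

```python
import re

# Assumed layout (combined access log); the thread shows only the end of one line:
# client ident user [time] "request" status bytes "referrer" "user-agent"
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample messages, as they would arrive in the "message" field.
SAMPLE = [
    '10.0.0.5 - - [12/Mar/2019:10:01:02 +0000] "GET /api/items HTTP/1.1" 200 33 '
    '"https://example.test/" "Mozilla/5.0 Chrome/200.0.3325.181 Safari/537.36"',
    '10.0.0.6 - - [12/Mar/2019:10:01:03 +0000] "GET /missing HTTP/1.1" 404 200 '
    '"-" "Mozilla/5.0 Chrome/200.0.3325.181 Safari/537.36"',
    '10.0.0.7 - - [12/Mar/2019:10:01:04 +0000] "POST /login HTTP/1.1" 500 0 '
    '"-" "curl/7.64.0"',
    'not an access log line',
]

def parse(message):
    """Split one message into typed fields; None if it does not fit the layout."""
    m = LINE_RE.match(message)
    if m is None:
        return None  # keep the raw message and tag it instead of dropping it
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    fields["bytes"] = 0 if fields["bytes"] == "-" else int(fields["bytes"])
    return fields

def substring_filter(messages, needle):
    """What searching the unparsed message field amounts to."""
    return [m for m in messages if needle in m]

def status_filter(messages, status):
    """Filter on the parsed status field only."""
    parsed = (parse(m) for m in messages)
    return [f for f in parsed if f is not None and f["status"] == status]

if __name__ == "__main__":
    print(len(substring_filter(SAMPLE, "200")), "raw matches for '200'")
    for f in status_filter(SAMPLE, 200):
        print(f["status"], f["path"], f["agent"])
```
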
