Im running an ELK-Stack in Docker and my goal is, to parse and filter my IRC logs, for learning.
2024-04-01 20:25:02 me foo
2024-04-01 20:25:46 me bar
I found some logstash related stuff on Github. I guess the input and output part is similar, but I don't understand the filter related part. Do you have maybe some suggestions? I mean it's some years old.
thx
moep
You can check the configuration examples from the documentation to understand how logstash works.
And then the filters documentation to see which filters are available.
How you will parse depends on what you want to do with the data and how the message looks like.
Few more tips:
%{TIMESTAMP_ISO8601:timestamp}\s+%{NOTSPACE:username}\s+%{GREEDYDATA:ircmessage}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.