Parsing log

Luiss_Anggel_Carbone · May 12, 2020, 6:07pm

Hello greetings
I made the configuration to integrate FileBeat, Logstash, and Elastic.
I need to create a filter every time I find an ERROR in the log. Any solution for this?
Where can I find documentation on this, I am starting to use these tools.

andres-perez · May 13, 2020, 8:28am

Hi!

You can take a look at https://www.elastic.co/blog/a-practical-introduction-to-logstash to start configuring logstash filters.

Luiss_Anggel_Carbone · May 13, 2020, 1:36pm

Hi, thanks you.

input {
beats {
port => "5044"
}
}

The filter part of this file is commented out to indicate that it is

optional.

filter {
grok {
match => { "message" => "%{DATE:fecha} %{TIME:time} %{LOGLEVEL:logLevel} %{GREEDYDATA:data}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

I would like to know how to consume this information through a web service through elastic. Any recommendation ?

andres-perez · May 14, 2020, 6:40pm

I think you should add more information about your intended use case.

For example, you can use alerting (depending on your elastic subscription) to search within the ingested data in elasticsearch and send information to a webservice when errors are found.

I associate the idea of consumption more with queues and other services like Redis, Kafka, etc, but for sure there are multliple solutions that fit your purpose.

system · June 11, 2020, 6:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.