Parsing tomcat hybris logs with logstash

Hi all, I'm having trouble with creating a multiline message with hybris. The problem is that if the message in the console is:

```
org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata file 'path' does not exist
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:270) ~[opensaml-2.6.7-hybrid.jar:?]
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:239) ~[opensaml-2.6.7-hybrid.jar:?]
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) ~[opensaml-2.6.7-hybrid.jar:?]
at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) [spring-security-saml2-core-1.0.
```

it is written in the file like this:

```
INFO   | jvm 1    | main    | 2019/01/15 14:24:35.007 | e[1;31mERROR [Metadata-reload] [MetadataManager] Initialization of metadata provider org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider@73b12626 failed, provider will be ignored

INFO | jvm 1 | main | 2019/01/15 14:24:35.007 | e[m org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata file "path" does not exist
INFO | jvm 1 | main | 2019/01/15 14:24:35.007 | at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:270) ~[opensaml-2.6.7-hybrid.jar:?]
INFO | jvm 1 | main | 2019/01/15 14:24:35.007 | at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:239) ~[opensaml-2.6.7-hybrid.jar:?]
INFO | jvm 1 | main | 2019/01/15 14:24:35.007 | at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) ~[opensaml-2.6.7-hybrid.jar:?]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at java.util.TimerThread.mainLoop(Timer.java:555) [?:1.8.0_191]
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at java.util.TimerThread.run(Timer.java:505) [?:1.8.0_191]
```

I want to parse the output in the Elastic Stack like it is in the console, but I have no idea how to use grok or filters. I'll appreciate any help. Thanks in advance!
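The regrouping that the file format above calls for, as an added Python example that is not part of the original post and is not a Logstash configuration: strip the per-line wrapper prefix and colour codes, then fold every line that does not start a new application log entry into the previous event. It assumes that application entries begin with a level followed by `[`, and that the `e[...m` sequences shown in the post are ANSI colour codes whose ESC byte was lost in rendering; `regroup` and the last sample line are constructed for illustration.

```python
import re
from datetime import datetime

# Wrapper prefix, e.g. "INFO   | jvm 1    | main    | 2019/01/15 14:24:35.007 | "
PREFIX = re.compile(
    r"^\w+\s*\|\s*jvm\s+\d+\s*\|\s*\w+\s*\|\s*"
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \| ?(?P<body>.*)$"
)
# Real ESC-based colour codes anywhere, or the literal "e[...m" form at the
# start of the body as it appears in the post (assumption, see lead-in).
ANSI = re.compile(r"\x1b\[[0-9;]*m|^e\[[0-9;]*m")
# Assumed shape of a new application entry: "ERROR [thread] [logger] ..."
START = re.compile(r"^(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+\[")

def regroup(lines):
    """Return one dict per application log entry, stack trace included."""
    events = []
    for raw in lines:
        m = PREFIX.match(raw.rstrip("\r\n"))
        if not m:
            if raw.strip() and events:          # unprefixed text: keep it
                events[-1]["message"] += "\n" + raw.rstrip()
            continue                            # blank lines are dropped
        body = ANSI.sub("", m["body"]).rstrip()
        start = START.match(body)
        if start or not events:
            events.append({
                "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f"),
                "level": start[1] if start else None,
                "message": body,
            })
        else:                                   # exception text or "at ..." frame
            events[-1]["message"] += "\n" + body
    return events

# First four lines are taken from the post; the last one is constructed.
SAMPLE = """\
INFO   | jvm 1    | main    | 2019/01/15 14:24:35.007 | e[1;31mERROR [Metadata-reload] [MetadataManager] Initialization of metadata provider org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider@73b12626 failed, provider will be ignored

INFO | jvm 1 | main | 2019/01/15 14:24:35.007 | e[m org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata file "path" does not exist
INFO | jvm 1 | main | 2019/01/15 14:24:35.008 | at java.util.TimerThread.run(Timer.java:505) [?:1.8.0_191]
INFO | jvm 1 | main | 2019/01/15 14:24:36.120 | INFO  [main] [ExampleService] constructed follow-up entry
"""

if __name__ == "__main__":
    for event in regroup(SAMPLE.splitlines()):
        print(event["timestamp"], event["level"], event["message"], sep=" | ")
```

The event keeps the timestamp of its first line, which is the one a date filter would normally index on.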
