Example log:
2017-04-05T08:08:06.876675+00:00 app[web.1]: Read fragment views/people/113477-20160223215243633000/meta/cf52ea03049257538d100aca49e4c24 (1.6ms)
2017-04-05T08:08:06.847774+00:00 app[web.1]: Parameters: {"id"=>"neth-drda"}
2017-04-05T08:08:06.879827+00:00 app[web.1]: Write fragment views/people/113477-20160223215243633000/meta/cf52ea03049257538d100adca49e4c24 (1.3ms)
2017-04-05T08:08:06.880294+00:00 app[web.1]: Rendered shared/_breadcrumbs.html.slim (0.3ms)
2017-04-05T08:08:06.882656+00:00 app[web.1]: Read fragment views/10919/e7d5a8214b3c7d3f381f4370d145a5ba (1.9ms)
2017-04-05T08:08:06.882765+00:00 app[web.1]: Rendered people/_geography.slim (2.2ms)
2017-04-05T08:08:06.885668+00:00 app[web.1]: Rendered layouts/_head.html.slim (1.0ms)
2017-04-05T08:08:06.889785+00:00 app[web.1]: Completed 200 OK in 42ms (Views: 15.0ms | ActiveRecord: 7.1ms)
2017-04-05T08:08:06.890491+00:00 app[web.1]: source=rack-timeout id=5208b143-723c-446-9609-a3e063fcde79 wait=5ms timeout=29000ms service=44ms state=completed
2017-04-05T08:08:06.884419+00:00 app[web.1]: Rendered people/show.html.slim within layouts/application (9.8ms)
2017-04-05T08:08:06.890654+00:00 app[web.1]: cache: [GET /neth-drda] miss
Config:
input {
http {
type => “http”
port => “3332"
codec => "line"
tags => [“heroku”]
}
}
filter {
grok {
match => {“message” => “%{TIMESTAMP_ISO8601:timestamp} %{WORD:component}\[%{WORD:process}(?:\.%{INT:instance})?\]: +%{GREEDYDATA:message}“}
}
date {
match => [ "timestamp", "ISO8601" ]
}
}
With each http upload sent to logstash I see a single entry in kibana with one giant message so obviously nothing is matched and it isn't processed correctly. What are we missing?
Here is the curl command to submit the file: curl -XPUT "http://localhost:3332" -d "@./log.txt"