Perform elasticsearch to get subsequent lines of log from logstash


(atosi) #1

I am using logstash and elasticsearch. I parsed each log line of 'localhost.log'. When an error occurs, the next lines are appended to the previous line.
Is it possible to get a specific number of lines following the line where the error has occurred?
The "localhost.log" file is:
Apr 14, 2014 12:33:48 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet threw exception
java.lang.NullPointerException
at com.web.controller.WebController.home(WebController.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)

The Logstash configuration file is:

input {
  file {
    path => "/usr/local/logstash-1.4.0/test.log"
    start_position => beginning
    # Lines that do NOT match the pattern are appended to the previous event.
    codec => multiline {
      pattern => "^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec|INFO|DEBUG|ERROR|SEVERE)"
      negate => true
      what => "previous"
    }
  }
}

filter {
  grok {
    # Two patterns for the same field: the timestamp line and the level line.
    match => [
      "message","%{MONTH:month} %{MONTHDAY:monthday}, %{YEAR:year} %{TIME:time} \w{2} %{JAVACLASS:class} %{GREEDYDATA:eventmessage}",
      "message","%{LOGLEVEL:level}: %{GREEDYDATA:eventmessage}"
    ]
  }
}

output {
  elasticsearch {
    host => localhost
    index => "logstash-org"
  }
  stdout { codec => rubydebug }
}
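
An added example, not part of the original post and not Logstash code: a Python emulation of how the multiline codec settings above group lines into events, plus a helper that returns up to n lines following each error line. The names `merge_events` and `lines_after_error`, the `LEVEL` regex and the shortened sample log are assumptions made for illustration.

```python
import re

# Same regex as the multiline codec `pattern` in the config above.
START = re.compile(
    r"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec|INFO|DEBUG|ERROR|SEVERE)"
)
# Assumption: these two levels are the ones treated as errors.
LEVEL = re.compile(r"^(SEVERE|ERROR)\b")

# Constructed sample, shortened from the localhost.log excerpt in the post.
SAMPLE = """\
Apr 14, 2014 12:33:48 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet threw exception
java.lang.NullPointerException
at com.web.controller.WebController.home(WebController.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.lang.reflect.Method.invoke(Method.java:606)
Apr 14, 2014 12:33:49 PM org.apache.catalina.core.StandardWrapperValve invoke
INFO: request served
"""


def merge_events(lines):
    """Emulate negate => true, what => "previous": a line that does NOT
    match START is appended to the event that precedes it."""
    events = []
    for line in lines:
        if START.match(line) or not events:
            events.append([line])      # matching line opens a new event
        else:
            events[-1].append(line)    # continuation of the previous event
    return events


def lines_after_error(text, n):
    """For each merged event whose first line is an error level, return
    (error_line, up to n continuation lines that follow it)."""
    result = []
    for event in merge_events(text.splitlines()):
        if LEVEL.match(event[0]):
            result.append((event[0], event[1:1 + n]))
    return result


if __name__ == "__main__":
    for head, following in lines_after_error(SAMPLE, 2):
        print(head)
        for line in following:
            print("    " + line)
```

With this pattern the timestamp line and the `SEVERE:` line each open their own event, so the stack trace is attached to the `SEVERE:` event only. A continuation line that happens to begin with a month abbreviation or level name (for example `DecoderException`) would also open a new event, because the pattern has no boundary after the alternation.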


(system) #2