Pipeline Viewer UI confusion

mladen · May 26, 2018, 1:57pm

Hello Shaunak,

I have server eskibanademo with following software installed:

elasticsearch version - 6.2.2
logstash version - 6.2.2
kibana version - 6.2.2

And server elasticlog with following software installed:

logstash version - 6.2.4

Because files is to big for body of this message I will just put uncomment lines from logstash.yml file ekibanademo server:

path.data: /var/lib/logstash
path.logs: /var/log/logstash
xpack.monitoring.elasticsearch.url: "http://eskibanademo:9200"

And logstash.yml from elasticlog server:

path.data: /var/lib/logstash
path.logs: /var/log/logstash
xpack.monitoring.elasticsearch.url: "http://eskibanademo:9200"

Pipeline from eskibanademo server:

input {
    beats {
        port => "5044"
    }
}

filter {
    if [cpuramiibraz] {
        csv {
            columns => [ "date_time", "cpu_utilization", "ram_utilization", "execution_group" ]
            separator => ","
        }
        mutate {convert => ["cpu_utilization", "float"] }
        mutate {convert => ["ram_utilization", "float"] }
        date {
            locale => "en"
            match => ["date_time", "dd-MM-yy;HH:mm:ss"]
            timezone => "Europe/Belgrade"
            target => "@timestamp"
        }
    }

    if [qmraz2] {
        csv {
            columns => [ "date_time", "queue_name", "curdepth", "queue_manager" ]
            separator => ","
        }
        mutate {convert => ["curdepth", "integer"] }
        date {
            locale => "en"
            match => ["date_time", "dd-MM-yy;HH:mm:ss"]
            timezone => "Europe/Belgrade"
            target => "@timestamp"
        }
    }

    if [iibraz] {
        grok {
            match => { "message" => "^%{SYSLOGTIMESTAMP:DATE_TIME} %{HOSTNAME:HOSTNAME} %{WORD:SYSTEM}\[%{BASE10NUM:PID}]: IBM Integration Bus %{WORD} \(%{WORD:NODE}.%{WORD:EG}\) \[%{WORD} %{BASE10NUM}] \(%{WORD} %{NOTSPACE}\) %{WORD:CODE}: %{GREEDYDATA:MESSAGE}$" }
        }
        date {
            locale => "en"
            match => ["DATE_TIME", "MMM dd HH:mm:ss"]
            timezone => "Europe/Belgrade"
            target => "@timestamp"
        }
    }
}

output {
    if [cpuramiibraz] {
        elasticsearch {
            hosts => [ "eskibanademo:9200" ]
            index => "iibrazcpuram-%{+YYYY.MM}"
        }

    }

    if [qmraz2] {
        elasticsearch {
            hosts => [ "eskibanademo:9200" ]
            index => "iibrazqmraz2-%{+YYYY.MM}"
        }

    }

    if [iibraz] {
        if "_grokparsefailure" in [tags] {
            # write events that didn't match to a file
            file { "path" => "/grok/kaiibraz/grok_log_filter_failures_kaiibraz.txt" }
        }

        else {
            elasticsearch {
                hosts => [ "eskibanademo:9200" ]
                index => "iibrazlog-%{+YYYY.MM}"
            }
        }
    }
}

I will put content of a pipeline file from elasticlog server to next post.

Topic		Replies	Views
Logstash monitoring not showing one pipeline Logstash	1	288	December 14, 2020
Multiple Logstash pipelines in Kibana Stack Monitoring Kibana elastic-stack-monitoring	4	534	January 10, 2020
Logstash management info wrong? Logstash	8	318	July 5, 2018
Logstash monitoring: pipeline identification Kibana	4	469	December 17, 2019
2 nodes logstash Kibana	10	340	January 2, 2023

Pipeline Viewer UI confusion

Related topics