Please please Please help me in logstash


(P Kumar) #1

Hi ,
I am new to ELK , i am trying to read the logs for IBM dmgr ,node and Application logs . but it is reading top 2 file input and creating index but 3rd file is not creating index and not reading could you please help me .
Below is my logstash config file .

input {
file {
path => [ “/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.xManager/logs/dmgr/SystemOut.log” ]
start_position => "beginning"
type => “websphere1”
# important! logstash read only logs from files touched the last 24 hours
# 8640000 = 100 days
ignore_older => "8640000"
codec => multiline {
pattern => "^\s"
what => “previous”
}
}
file {
path => [ “/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.x/logs/nodeagent/SystemOut.log” ]
start_position => "beginning"
type => “app1”
# 8640000 = 100 days
ignore_older => "8640000"
codec => multiline {
pattern => "^\s"
what => “previous”
}
}
file {
path => [ “/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.x/logs/ActiveVOS-v01/SystemOut.log” ]
start_position => "beginning"
type => “websphere”
# 8640000 = 100 days
ignore_older => "86400"
codec => multiline {
pattern => "^\s"
what => “previous”
}
}
}
output {
if [type] == “websphere1” {
elasticsearch{
hosts => [“x.x.x.x:9200”]
index => “x.x.x.x_dmgr1_%{+YYYY.MM.dd}”
}
}
if [type] == “app1” {
elasticsearch{
hosts => [“x.x.x.x:9200”]
index => “x.x.x.x_node_%{+YYYY.MM.dd}”
}
} else if [type] == “websphere” {
elasticsearch{
hosts => [“x.x.x.x:9200”]
index => “x.x.x.x_ActiveVOS-v01_%{+YYYY.MM.dd}”
}
} else {
stdout{
codec => rubydebug
}
}
}


(Magnus Bäck) #2

This is a duplicate of Logstash not reading more than 2 files. Please don't open multiple threads for the same issue.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.