Hi ,
I am new to ELK. I am trying to read the IBM dmgr, node and application logs. Logstash reads the first two file inputs and creates an index for each, but the third file is not read and no index is created for it. Could you please help me?
Below is my Logstash config file:
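# Tail three WebSphere SystemOut.log files. Each input tags its events with a
# distinct `type`, which the output section uses to choose the target index.
#
# Two settings decide whether a file is picked up at all:
#   * ignore_older (seconds): a file whose last modification is older than
#     this value is skipped.
#   * start_position => "beginning" only applies to files Logstash has not
#     tracked before; a file already recorded in the sincedb resumes from the
#     stored offset instead.
#
# All quotes are plain ASCII double quotes; typographic quotes are not valid
# string delimiters in a Logstash config.
input {
  # Deployment manager (dmgr) log.
  file {
    path => [ "/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.xManager/logs/dmgr/SystemOut.log" ]
    start_position => "beginning"
    type => "websphere1"
    # 8640000 seconds = 100 days
    ignore_older => 8640000
    # Lines that start with whitespace (e.g. stack-trace continuation lines)
    # are appended to the previous event.
    codec => multiline {
      pattern => "^\s"
      what => "previous"
    }
  }

  # Node agent log.
  file {
    path => [ "/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.x/logs/nodeagent/SystemOut.log" ]
    start_position => "beginning"
    type => "app1"
    # 8640000 seconds = 100 days
    ignore_older => 8640000
    codec => multiline {
      pattern => "^\s"
      what => "previous"
    }
  }

  # Application server (ActiveVOS-v01) log.
  file {
    path => [ "/opt/WebSphere/AppServer8.5.5/profiles/x.x.x.x/logs/ActiveVOS-v01/SystemOut.log" ]
    start_position => "beginning"
    type => "websphere"
    # 8640000 seconds = 100 days, the same window as the other two inputs.
    # With 86400 (one day) a file not modified in the last 24 hours is skipped.
    ignore_older => 8640000
    codec => multiline {
      pattern => "^\s"
      what => "previous"
    }
  }
}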
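# Route each event to a per-source daily index, selected by the `type` set on
# the file inputs. A single if / else if / else chain is used so that only
# events of an unrecognised type reach the stdout fallback.
#
# NOTE(review): no credentials or TLS settings are configured on these
# elasticsearch outputs. Confirm whether the cluster on port 9200 requires
# authentication and whether this log traffic crosses an untrusted network;
# if so, set the plugin's user/password and TLS options.
output {
  if [type] == "websphere1" {
    elasticsearch {
      hosts => ["x.x.x.x:9200"]
      index => "x.x.x.x_dmgr1_%{+YYYY.MM.dd}"
    }
  } else if [type] == "app1" {
    elasticsearch {
      hosts => ["x.x.x.x:9200"]
      index => "x.x.x.x_node_%{+YYYY.MM.dd}"
    }
  } else if [type] == "websphere" {
    elasticsearch {
      hosts => ["x.x.x.x:9200"]
      # Elasticsearch index names must be lowercase; a name containing
      # "ActiveVOS" is rejected, so no index would be created for this type.
      index => "x.x.x.x_activevos-v01_%{+YYYY.MM.dd}"
    }
  } else {
    # Debug fallback: print events of any other type to the console.
    stdout {
      codec => rubydebug
    }
  }
}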