Query on jboss log


(Vigneshprasanna Radhakrishnan) #1

Hi,

I'm trying to analyse the JBoss log using ELK. In this POC, the data now passes from a local file through Logstash and Elasticsearch and arrives here in Kibana.
In Kibana I'm viewing the data in the format below.

In the log file:
2018-01-31 00:00:08,496 INFO [STDOUT] (http-xxxxx%xxxxx.xxx.xxx.xxx-xxx-4) 00:00:08,496 [xxx.xxxx.xxx.xxx.xxxx] INFO - xxx xxxResponse [ xxxxxx//1/xxxxxT:1:1=xxxxx,ACTIVITY:1:1=ACCOUNTS-BALANCE-ENQUIRY-INT,EFFECTIVE.DATE:1:1=20180118, CUSTOMER:1:1=xxxxxx ]

In the above, how do I query the customer or any other fields?

My grok in the .conf file of Logstash is:

    filter {
      grok {
        match => [
          "message",
          "%{TIME:time} %{LOGLEVEL:level} [(?[^]]+)] ((?[^)]+)) %{GREEDYDATA:message}"
        ]
        overwrite => ["message"]
      }
      date {
        match => ["time", "MMM dd YYYY HH:mm:ss,SSS"]
        remove_field => ["time"]
      }
    }

Thanks in advance for the support.


(Joe Fleming) #2

You can use the query bar at the top of Kibana to query the documents using the Lucene query syntax. If you do this in Discover, you'll see the matching documents. If you'd like to visualize this data, use the fields to build your visualization and then you can use the query bar to filter the results being used to create the vis. Likewise, you can use the query bar on the Dashboard to filter data that is used to create all the items on the Dashboard.
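
Querying `CUSTOMER` as a field, rather than as free text inside `message`, requires the trailing `[ key=value, ... ]` block to be split into fields before indexing. The Python sketch below is an added example, not part of the thread or of any Elastic code; the sample line, its values, and the names `parse_line` and `field_name` are constructed for illustration, and it assumes payload values contain no commas.

```python
import re

# Constructed sample in the shape of the JBoss line quoted in the question
# (every value here is made up).
SAMPLE = ("2018-01-31 00:00:08,496 INFO [STDOUT] (http-0.0.0.0-8080-4) "
          "00:00:08,496 [com.example.Gateway] INFO - Demo DemoResponse [ "
          "REF//1/STATUS:1:1=OK,ACTIVITY:1:1=ACCOUNTS-BALANCE-ENQUIRY-INT,"
          "EFFECTIVE.DATE:1:1=20180118, CUSTOMER:1:1=100200 ]")

# timestamp, level, [category], (thread), then the rest of the line
HEADER = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+) +\[(?P<category>[^\]]+)\] \((?P<thread>[^)]+)\) "
    r"(?P<message>.*)$")
# the trailing "[ key=value, key=value ]" block at the end of the message
PAYLOAD = re.compile(r"\[\s*([^\[\]]*=[^\[\]]*?)\s*\]\s*$")


def field_name(key):
    """Replace ':', '.', '/' and similar with '_' so the name needs no
    escaping in a Lucene query and is not read as an object path."""
    return re.sub(r"[^A-Za-z0-9]+", "_", key.strip()).strip("_")


def parse_line(line):
    """Return a flat dict of header fields plus one entry per payload pair,
    or None when the line does not have the expected header."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    payload = PAYLOAD.search(event["message"])
    if payload:
        for pair in payload.group(1).split(","):
            key, sep, value = pair.partition("=")
            if sep and key.strip():
                event[field_name(key)] = value.strip()
    return event


if __name__ == "__main__":
    for name, value in parse_line(SAMPLE).items():
        print(f"{name}: {value}")
```

With the pairs indexed under names like these, a query bar entry such as `CUSTOMER_1_1:100200` matches on the field itself; the original key `CUSTOMER:1:1` would need its colons escaped in Lucene syntax.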


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.