Hi,
I'd like to read and parse logstash's own log file with logstash. Does anyone have a grok pattern or config to do this? I'm surprised this isn't an out of the box feature!
Cheers,
Max
I'd like to read and parse logstash's own log file with logstash. Does anyone have a grok pattern or config to do this? I'm surprised this isn't an out of the box feature!
I tried and it kind of worked but there are so many edge cases it's not
even funny.
Just wait until Internal logging: A return to JSON · Issue #1569 · elastic/logstash · GitHub gets
solved. Subscribe/write in it to make it more of a priority.
I'd echo that.
KB4 moved to JSON logs and it definitely makes sense for LS to as well 
Hi,
Thanks for the tips. On a similar vein, what are people's thoughts on the best way to monitor Elasticsearch's logs with logstash?
Cheers,
Max
I haven't carved out the time to actually implement it for my ES clusters so I can't promise that it'll work, but I'm planning to use https://github.com/logstash/log4j-jsonevent-layout to get Logstash-friendly JSON logs.