[RESOLVED] Custom log in Kibana

Florius · May 9, 2017, 1:35pm

Hi. I use software that makes logfiles in /var/log/softwarename/YYYYMMDD/
It uses JSON formatting. But I'm new to Kibana and have no idea how I can read out the log files properly, as I get the log files in a single rule while I should be able to use formatting.

This all sounds very vague, but please see https://www.youtube.com/watch?v=H6dCCw666Xw&t=341s (skip to 2:39).
Hopefully this explains some things...

EDIT: Okay, I did some research and found out that it reads the correct files.
However formatting of it in Kibana is wrong:

So how can I make sure it has proper fields and such, as in the video?

EDIT2: Fixed it. Disabled Logstash and using only Filebeat to parse the JSON files, works perfect!

weltenwort · May 9, 2017, 7:00pm

Hi @Florius,

what tool are you using to ingest the logs into Elasticsearch? Logstash? Filebeat?

Florius · May 9, 2017, 7:13pm

Well I actually use both Logstash and Filebeat... I'm not even sure if that's possible but Filebeat prospector gives me the correct files and I try to parse it with Logstash.

(Both Logstash and Filebeat run on the same server as intended, I will be using it only for logfiles on this server.)

StephenGoodall · May 10, 2017, 5:26am

What do you have in your logstash config?
As it's already in JSON format you should just be able to use something like:
{ codec => json_lines }

in your input block

system · June 7, 2017, 5:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Json logstash Logstash	6	781	August 14, 2017
Kibana logs vs filebeat kibana module Beats elastic-stack-monitoring , beats-module , filebeat	4	411	August 24, 2021
Getting the logs in filebeat log but not in kibana Beats filebeat	3	440	March 26, 2020
Filebeat reading json file Beats filebeat	7	3703	April 27, 2017
[SOLVED] Where to set log pattern? Beats filebeat	3	892	July 5, 2017

[RESOLVED] Custom log in Kibana

Related topics