Hi 
I am a bit struggling with the syntax in logstash. I would like to filter Log Level -Error.
In my .log I have something like timestamp applicationtest.Error messsage. Is it possible that i my errorlog I will see applicationtest.Error or just ERROR
I am using Grok filter:
grok{
match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level}-%{GREEDYDATA:message}"}
}
but I can not see the Error log.
Thank You
Hi,
please add examples of the exact log lines that you are using as input and the expected results that you want.
Probably some tests in https://grokdebug.herokuapp.com/ will help you to get your match patterns right.
Thank you for your reply.
log lines is : [2020-01-03 11:16:50] applicationtest.ERROR: message ahoj jak se mas
You could dissect that
dissect { mapping => { "message" => "[%{timestamp}] %{something}.%{loglevel}: %{errormessage}" } }thank You very much .. ill try it
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.