Hey,
!NOTE! I'm new to the ELK stack in all its facets.
I have some problems with displaying my log files from a Laravel application.
I'm running Laravel on one server and my ELK stack on another. I installed Logstash on the Laravel server as well and wrote my Logstash conf for the Laravel logs.
It looks like this:
    input {
      file {
        path => "/var/www/html/storage/logs/laravel.log"
        start_position => "beginning"
        ignore_older => 0
        codec => multiline {
          pattern => "\[[\d]{4}"
          negate => "true"
          what => "previous"
        }
      }
    }
    filter {
      if [type] == "laravel" {
        grok {
          match => {
            "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}: %{DATA:message} \["
          }
        }
        date {
          match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
          target => "@timestamp"
          locale => "en"
          timezone => "UTC"
        }
      }
    }
    output {
      elasticsearch {
        hosts => ["XXX.XXX.XX.XX:9200"]
        index => "laravel-%{+YYYY.MM.dd}"
      }
    }
It is displayed and the messages are also shown etc. The only problem is with the date filter: I'm not able to get it configured so that the filter recognizes the original timestamp from the log itself and writes the timestamp there. Also, is there any possibility to arrange a filter so that the severity will be transformed into another field for the ES index?
Thanks in advance
Cheers
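
Added example, not part of the original post: a revised version of the pipeline above. The posted file input never sets `type`, so the `if [type] == "laravel"` block is skipped and neither grok nor date runs; this version sets it. It assumes log lines of the form `[timestamp] env.LEVEL: message` and timestamps written in UTC.

```logstash
input {
  file {
    path => "/var/www/html/storage/logs/laravel.log"
    start_position => "beginning"
    # Set the type that the filter conditional below tests for.
    type => "laravel"
    codec => multiline {
      # A new event starts at a line beginning with "[YYYY-";
      # any other line (stack trace) is appended to the previous event.
      pattern => "^\[\d{4}-"
      negate => true
      what => "previous"
    }
  }
}
filter {
  if [type] == "laravel" {
    grok {
      # (?m) lets GREEDYDATA span the newlines of a multiline event.
      match => {
        "message" => "(?m)^\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{WORD:severity}: %{GREEDYDATA:message}"
      }
      # Replace the raw line instead of appending a second value to "message".
      overwrite => [ "message" ]
    }
    date {
      # Assumption: the application logs in UTC, as in the posted config.
      match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
      target => "@timestamp"
      timezone => "UTC"
      # Removed only when the date parsed successfully.
      remove_field => [ "timestamp" ]
    }
    mutate {
      # Normalise ERROR / Error / error into one value for aggregations.
      lowercase => [ "severity" ]
    }
  }
}
output {
  elasticsearch {
    hosts => ["XXX.XXX.XX.XX:9200"]
    index => "laravel-%{+YYYY.MM.dd}"
  }
}
```

Events that fail to parse carry `_grokparsefailure` or `_dateparsefailure` in `tags`, so a search on those tags finds lines that kept the ingestion time instead of the log time.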