To Read particular event form text file

Elastic Stack Beats
1

Hi,

I am having a multiline text file with multiple events, I want to read a particular event from a file.
First, I want to know how can I read this particular multiline text file in filebeat
then after how can i extract particular event from file

2

MachineName: DEVELOPER-PC
UserDomainName: Developer-PC
UserName: Developer
OSVersion: Microsoft Windows NT 6.1.7601 Service Pack 1
UserInteractive: True
CLR Version: 4.0.30319.42000

Command Line: "R:\Bin\NCR.APTRA.UATestServer.exe"
Configuration Path: R:\Bin\Config\NCR.APTRA.UATestServer.accfg
Current Directory: R:\Bin
CodeBase Directory: R:\Bin

ApplicationData: C:\Users\Developer\AppData\Roaming
CommonApplicationData: C:\ProgramData
CommonProgramFiles: C:\Program Files\Common Files
LocalApplicationData: C:\Users\Developer\AppData\Local
ProgramFiles: C:\Program Files

Host Name: Developer-PC
IPAddress(es): fe80::c11c:4c40:1d2:8ad4%11 10.0.2.15

Time Zone Information
Short DateTime Pattern: M/d/yyyy h:mm tt
DateTime.Kind: Local
Standard time name: India Standard Time
Daylight saving time name: India Daylight Time
Current date and time: 11/18/2019 4:44:03 PM
Daylight saving time? False
Coordinated Universal Time: 11/18/2019 11:14:03 AM
UTC offset: 05:30:00
Daylight saving time for year 2019:
1/1/0001 12:00:00 AM to 1/1/0001 12:00:00 AM, delta: 00:00:00

Creating test data...
ServerManagement WebService
[Address] = 127.0.0.1, [Port] = 8080, [RelativeURI] = project24/services/ManagementService, [Compression] = None, [SecurityMode] = None, [CertIssuer] = , [CertSubject] = , [CertSerialNumber] = , [MaxArrayLength] = 2147483647, [MaxBytesPerRead] = 4096, [MaxDepth] = 2147483647, [MaxNameTableCharCount] = 2147483647, [MaxStringContentLength] = 2147483647, [MaxBufferPoolSize] = 524288, [MaxBufferSize] = 524288, [MaxReceivedMessageSize] = 524288, [OpenTimeout] = 180, [CloseTimeout] = 180, [SendTimeout] = 180, [ReceiveTimeout] = 600, [MutualAuthentication] = False, [CertificateHash] =

ClientManagement WebService
[Address] = 127.0.0.1, [Port] = 9090, [RelativeURI] = project24/aptra/unifiedagent/clientmgmt/server, [Compression] = None, [SecurityMode] = None, [CertIssuer] = , [CertSubject] = , [CertSerialNumber] = , [MaxArrayLength] = 2147483647, [MaxBytesPerRead] = 4096, [MaxDepth] = 2147483647, [MaxNameTableCharCount] = 2147483647, [MaxStringContentLength] = 2147483647, [MaxBufferPoolSize] = 524288, [MaxBufferSize] = 524288, [MaxReceivedMessageSize] = 524288, [OpenTimeout] = 180, [CloseTimeout] = 180, [SendTimeout] = 180, [ReceiveTimeout] = 600, [MutualAuthentication] = False, [CertificateHash] =

================================================================================
11/18/2019 4:44:03 PM Test Server hosted URI: http://127.0.0.1:8080/project24/services/ManagementService

serverMgmtHost_Opening
serverMgmtHost_Opened
---------- Construct Client ----------
[Address] = 127.0.0.1, [Port] = 9090, [RelativeURI] = project24/aptra/unifiedagent/clientmgmt/server, [Compression] = None, [SecurityMode] = None, [CertIssuer] = , [CertSubject] = , [CertSerialNumber] = , [MaxArrayLength] = 2147483647, [MaxBytesPerRead] = 4096, [MaxDepth] = 2147483647, [MaxNameTableCharCount] = 2147483647, [MaxStringContentLength] = 2147483647, [MaxBufferPoolSize] = 524288, [MaxBufferSize] = 524288, [MaxReceivedMessageSize] = 524288, [OpenTimeout] = 180, [CloseTimeout] = 180, [SendTimeout] = 180, [ReceiveTimeout] = 600, [MutualAuthentication] = False, [CertificateHash] =

================================================================================
11/18/2019 4:45:12 PM Received Message from 127.0.0.1: Register
terminal = TerminalInfo
Address = 127.0.0.1
UniqueId = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
CustomerCode = Undefined
Properties =
[0] [TerminalId] = Developer-PC-0
[1] [MACAddress] = 00:00:00:00:00:00
[2] [MachineName] = Developer-PC
[3] [UAVersion] = 04.06.00.01
[4] [GUID] = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
[5] [IPAddress] = 127.0.0.1
[6] [CustomerCode] = Undefined
[7] [ConfigurationHashUAWSLoaded] =
[0] = 119
[1] = 203
[2] = 91
[3] = 196
[4] = 166
[5] = 186
[6] = 222
[7] = 93
[8] = 108
[9] = 81
[10] = 170
[11] = 147
[12] = 118
[13] = 62
[14] = 235
[15] = 114
[8] [ConfigurationHashUAWSStaged] =
[0] = 119
[1] = 203
[2] = 91
[3] = 196
[4] = 166
[5] = 186
[6] = 222
[7] = 93
[8] = 108
[9] = 81
[10] = 170
[11] = 147
[12] = 118
[13] = 62
[14] = 235
[15] = 114
[9] [ConfigurationHashSWD1] =
[10] [ConfigurationHashSWD2] =
[11] [CultureInfo.LCID] = 1033
[12] [CultureInfo.Name] = en-US
[13] [XFSVendorName] =
[14] [ServerCommsMode] = Active
CollectorInfo =
state =
[0] [SubscribedEventOccurred.SequenceNumber] = 0
[1] [TerminalInfo.TerminalId] = Developer-PC-0
[2] [TerminalInfo.MACAddress] = 00:00:00:00:00:00
[3] [TerminalInfo.MachineName] = Developer-PC
Exception: Value cannot be null.
Parameter name: stream
Could not load file: NCR.APTRA.UATestServer.SNMPManagementCollector.xml

11/18/2019 4:46:49 PM Received Message from 127.0.0.1: SubscribedEventOccurred
sequenceNum = 52
terminal = TerminalInfo
Address = 127.0.0.1
UniqueId = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
CustomerCode = Undefined
Properties =
[0] [TerminalId] = Developer-PC-0
[1] [MACAddress] = 00:00:00:00:00:00
[2] [MachineName] = Developer-PC
[3] [UAVersion] = 04.06.00.01
[4] [GUID] = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
[5] [IPAddress] = 127.0.0.1
[6] [CustomerCode] = Undefined
CollectorInfo =
[0] [Version] = 1.0.0.3
eventName = NCR.APTRA.Reboot.Complete
eventDetails =
[0] = ManagementEventInfo
ClassUri = NCR.APTRA.Reboot.Complete
Properties =
[0] [WindowsRebootEventID] = 1074
[1] [WindowsRebootReason] = Recovery Reboot due to CX AGENT ISSUE
Reason Code: 0x80020003
Shutdown Type: restart
Comment:
[2] [WindowsRebootUTCEventTimestamp] = 12/10/2019 3:00:00 AM
[3] [TriggerEventUri] = NCR.APTRA.IMgmtServerComms.UANullptr
[4] [TriggerEventSequenceNumber] = 0
[5] [TriggerUTCTimestamp] = NCR.APTRA.IMgmtServerComms.UANullptr
[6] [UTCTimeStamp] = 12/10/2019 6:03:56 AM
classDetails =

documentFragment = Document
Uri =
InstanceName =
Command = RebuildAndRetrieve (0)
Data =

================================================================================
11/18/2019 4:48:09 PM Received Message from 127.0.0.1: DocumentUpload
terminal = TerminalInfo
Address = 127.0.0.1
UniqueId = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
CustomerCode = Undefined
Properties =
[0] [TerminalId] = Developer-PC-0
[1] [MACAddress] = 00:00:00:00:00:00
[2] [MachineName] = Developer-PC
[3] [UAVersion] = 04.06.00.01
[4] [GUID] = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
[5] [IPAddress] = 127.0.0.1
[6] [CustomerCode] = Undefined
CollectorInfo =
[0] [Version] = 2.17.0.1
result = RequestResult
Status = Success
requestId = 0
classUri = NCR.APTRA.InventoryCollector.AggregateInventory
instanceName = Default
documentFragment = Document
Uri = NCR.APTRA.InventoryCollector.AggregateInventory
InstanceName = Default
Command = RetrieveDelta (2)
Data = <?xml version="1.0" encoding="utf-8"?><Removed /

================================================================================
11/18/2019 4:46:49 PM Received Message from 127.0.0.1: SubscribedEventOccurred
sequenceNum = 52
terminal = TerminalInfo
Address = 127.0.0.1
UniqueId = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
CustomerCode = Undefined
Properties =
[0] [TerminalId] = Developer-PC-0
[1] [MACAddress] = 00:00:00:00:00:00
[2] [MachineName] = Developer-PC
[3] [UAVersion] = 04.06.00.01
[4] [GUID] = 4260ad98-0ecc-46e8-a286-e7b7eb9050a6
[5] [IPAddress] = 127.0.0.1
[6] [CustomerCode] = Undefined
CollectorInfo =
[0] [Version] = 1.0.0.3
eventName = NCR.APTRA.Reboot.Complete
eventDetails =
[0] = ManagementEventInfo
ClassUri = NCR.APTRA.Reboot.Complete
Properties =
[0] [WindowsRebootEventID] = 1074
[1] [WindowsRebootReason] = Recovery Reboot due to CX AGENT ISSUE
Reason Code: 0x80020003
Shutdown Type: restart
Comment:
[2] [WindowsRebootUTCEventTimestamp] = 14/10/2019 5:30:00 AM
[3] [TriggerEventUri] = NCR.APTRA.IMgmtServerComms.UANullptr
[4] [TriggerEventSequenceNumber] = 0
[5] [TriggerUTCTimestamp] = NCR.APTRA.IMgmtServerComms.UANullptr
[6] [UTCTimeStamp] = 14/10/2019 6:03:56 AM
classDetails =

documentFragment = Document
Uri =
InstanceName =
Command = RebuildAndRetrieve (0)
Data =

3

You will need an ingest pipeline to process the log files. In the ingest pipeline you can define all potential fields.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.