Hello,
I am trying to analyze some access and report logs in Kibana. I want to be able to query on the message I receive in Kibana. Basically, I want to turn the messages into fields to be able to query on them. How can I do that in Kibana? Modify the existing Logstash file?
The contents of the access log look like the following:
access.log
00:42:10,411 INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' access:14 - |peka|searchCustomer|https://32.90.12:253/service/soap/vhandset/CustomerManagement/CustomerLookupService
and the report logs like the following:
report.log
2016-03-22 00:4110|mayan|searchVendor|2509
The configuration for the above files is the following:
As a general comment, you probably don't want to assign these files the type "syslog" since I assume they're not syslog messages. Secondly, since the log messages look very different, I suggest you assign different types to them. Use two file inputs instead of one.
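The two-input layout suggested in the reply above, sketched as an added example that is not part of the original thread or anyone's actual configuration. The file paths, the type names (`app_access`, `app_report`) and every field name are assumptions, since the thread does not say what each pipe-separated value means.

```logstash
# Added example. Paths, type names and field names are assumptions.
input {
  file {
    path => "/path/to/access.log"   # placeholder path
    type => "app_access"
  }
  file {
    path => "/path/to/report.log"   # placeholder path
    type => "app_report"
  }
}

filter {
  if [type] == "app_access" {
    # Line shape: <time> <level> <thread text> access:<n> - |<user>|<operation>|<url>
    grok {
      match => {
        "message" => "^%{TIME:log_time} %{LOGLEVEL:level} %{DATA:thread} access:%{INT:source_line} - \|%{DATA:username}\|%{DATA:operation}\|%{GREEDYDATA:url}$"
      }
    }
  } else if [type] == "app_report" {
    # Line shape: <timestamp>|<user>|<operation>|<number>
    # dissect splits on the literal "|" and does not care how the timestamp is formatted.
    dissect {
      mapping => {
        "message" => "%{log_timestamp}|%{username}|%{operation}|%{value}"
      }
    }
    # Store the trailing number as an integer so range queries work in Kibana.
    mutate { convert => { "value" => "integer" } }
  }
}

output {
  # Print parsed events while testing the patterns; swap for the real output afterwards.
  stdout { codec => rubydebug }
}
```

Lines that do not fit a pattern are tagged `_grokparsefailure` or `_dissectfailure`, so a query on `tags` shows which messages were not split into fields.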
Why is there a question mark next to the fields I extracted from the logs shown in Kibana? Does it indicate it has not been properly extracted? (username, vendorname, bytes, seconds, todaysdate)