Unable to differentiate logs

Raja1 · April 20, 2017, 8:56am

Hi All,

I have configured ELK in my server and able to see the logs in Kibana but i am unable to find out the environment wise logs in Kibana.I have different environments like DEV,INT,UAT and PROD. All environments has the logs.

how can be the logs be differentiated. For example one log entry is from DEV, one log entry is from INT. How can be marked the logs that it is DEV or INT or UAT or PROD environment.

Regards
Raja

warkolm · April 20, 2017, 9:01am

You need to attach a field in there that does that.

Raja1 · April 20, 2017, 9:04am

Hi Mark,

Thank you

can you please provide me some example config to refer.

Regards
Raja

warkolm · April 20, 2017, 9:05am

That depends entirely on how you send data to ES.

Raja1 · April 20, 2017, 9:07am

I am not filtering anything as of now. I want the environment wise logs as it is from server to Kibana.

warkolm · April 20, 2017, 9:09am

How do those logs get to ES?

Raja1 · April 20, 2017, 9:14am

I have logstash where i am doing the configuration to ship the logs to ES.My configuration looks like below. Here i have all environment logs under /etc/logs

input
{
file
{
path => "/etc/logs/*.log"
}
}
output
{
elasticsearch
{
hosts => "localhost:9200"
}
}

pablosan · April 20, 2017, 10:11am

I imagine you have a logstash in each different environment.
Add a field with the value of the environment.
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html#plugins-inputs-file-add_field

input
{
  file
  {
    path => "/etc/logs/*.log"
    add_field => {"environment": "production"}
  }
}
output
{
  elasticsearch
  {
    hosts => "localhost:9200"
  }
}

A_B · April 20, 2017, 10:24am

Hi Raja,

it looks like you just have one server and collect logs from only one location...

Personally I would maybe use Filebeat to read the log files although you can do it with Logstash as well.

You will probably have to define more than one path of you have all logs in the same location, something like

input
{
  file
  {
    path => "/etc/logs/*.prod.log"
    add_field => {"environment": "production"}
  }
  file
  {
    path => "/etc/logs/*.dev.log"
    add_field => {"environment": "DEV"}
  }
  file
  {
    path => "/etc/logs/*.int.log"
    add_field => {"environment": "INT"}
  }
}

Adjust according to your naming convention of log files

Cheers,
AB

Raja1 · April 20, 2017, 10:44am

Thanks Ab and Pablo

Raja1 · April 27, 2017, 4:51am

Hi Ab,

This is not working. I have done the similar way but its throwing an invalid configuration.

A_B · May 2, 2017, 8:59am

Hi Raja,
sorry, I haven't used logstash this way... Looking at https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html looks like I left out the input type from the second and third path. I edited my previous post to fix that.

Raja1 · May 2, 2017, 9:27am

I fixed finally. I have created different configuration files referring same elasticsearch output so that i was able to make it possible.

Anyway Thank you

system · May 30, 2017, 9:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Beats Logs differentiation based on Environment in Kibana UI Beats filebeat	3	332	April 11, 2022
How to show mulitple servers logs in kibana separatly from each other Kibana	3	224	March 2, 2021
How to differentiate between server logs in logstash? Logstash	3	619	June 6, 2019
Elastic Stack Setup for Multiple Server Elasticsearch	10	2809	July 23, 2018
How To classify and follow logs from different log files and machines Elasticsearch	3	2000	August 25, 2017

Unable to differentiate logs

Related topics