Hi,
My log files look like the sample below. I am using multiline to combine all lines with the previous line until the next `select *`.
I want the ResultSet value to be in a different field,
and the rest of the message in a LOG field.
Can somebody please help with this?
```
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:02:54.565001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:02:59.857000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 12197
Returning connection...
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:02:59.857001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:03:02.755000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 4717
Returning connection...
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:03:02.755001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:03:04.481000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 4413
```
Below is the grok pattern I am using:
```
input {
  file {
    path => "/app/jep_utility/logs/*.log"
    start_position => "beginning"
    ignore_older => 0
    type => "utilityjobs"
    codec => multiline {
      pattern => "^select"
      max_lines => 10000
      what => "previous"
      negate => true
    }
  }
}
filter {
  if [type] == "utilityjobs" {
    grok {
      match => { "message" => "%{GREEDYDATA:LOGS}" }
    }
  }
}
output {
  elasticsearch {
    hosts => [ "*******:9200" ]
    index => "jeputility-%{+YYYY.MM.dd}"
    user => "*****"
    password => "*****"
  }
}
```
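The parsing logic the question asks for, written out as an added example in Python rather than in Logstash config (this is not the poster's pipeline and not Logstash's own code). It reproduces what the `multiline` codec does with `pattern => "^select"`, `negate => true`, `what => "previous"`, then splits each joined event into a numeric `ResultSet` field and a `LOG` field holding everything else, and handles an event that has no `ResultSet:` line at all. The sample log text is constructed from the lines in the post; the function names and the grok pattern in the comment are assumptions.

```python
import re

# Constructed sample built from the three events shown in the post.
SAMPLE_LOG = """\
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:02:54.565001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:02:59.857000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 12197
Returning connection...
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:02:59.857001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:03:02.755000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 4717
Returning connection...
select * from TIB_CLE_PROD.LOG WHERE LAST_INTERVAL_TIME BETWEEN to_timestamp('2018-02-02 13:03:02.755001000','YYYY-MM-DD HH24:MI:SS,FF9') AND to_timestamp('2018-02-02 13:03:04.481000000','YYYY-MM-DD HH24:MI:SS,FF9')
ResultSet: 4413
"""

# Same anchor as the codec's pattern => "^select".
EVENT_START = re.compile(r"^select")
# The line we want to lift into its own field; the count is captured as group 1.
RESULTSET_LINE = re.compile(r"^ResultSet:\s*(\d+)\s*$")


def join_multiline(lines):
    """Mimic multiline { pattern => "^select", negate => true, what => "previous" }.

    A line that does NOT start with 'select' is appended to the previous event;
    a line that does start with 'select' opens a new event.
    """
    events = []
    for line in lines:
        line = line.rstrip("\n")
        if EVENT_START.search(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return ["\n".join(event) for event in events]


def parse_event(message):
    """Split one joined event into {"ResultSet": int|None, "LOG": str}.

    ResultSet is the integer from the 'ResultSet: N' line (None if the event
    has no such line, e.g. a query that failed before returning a count);
    LOG is the event text with that one line removed, which is the
    "rest of the message" the question asks for.
    """
    result_set = None
    rest = []
    for line in message.split("\n"):
        m = RESULTSET_LINE.match(line)
        if m and result_set is None:
            result_set = int(m.group(1))
        else:
            rest.append(line)
    return {"ResultSet": result_set, "LOG": "\n".join(rest)}


def parse_log(text):
    """Run the whole file through both steps and return one dict per event."""
    return [parse_event(event) for event in join_multiline(text.splitlines())]


# Assumption, not verified here: inside Logstash the equivalent split of the
# joined event would be a grok match such as
#   (?m)%{GREEDYDATA:LOGS}ResultSet: %{NUMBER:ResultSet:int}
# where (?m) lets GREEDYDATA span the newlines the multiline codec inserted.

if __name__ == "__main__":
    for event in parse_log(SAMPLE_LOG):
        print(event["ResultSet"], "|", event["LOG"].replace("\n", " / "))
```

Each query produces one event, so the first event's `LOG` runs from the `select` line through `Returning connection...`, and the last event (which the file ends on before any `Returning connection...` line) still gets its `ResultSet` of 4413.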