Hi all,
I have configured Elasticsearch, Kibana and Logstash on a server, and I am sending logs from different Filebeat clients to Logstash. I have logs in which the connection establish and connection reset times are present. My requirement is to get to know the connection duration. A sample log is given below:
Tue Oct 5 14:05:53 2021 TCP connection established with [AF_INET6]::ffff:192.168.10.1:55630
Tue Oct 5 23:40:51 2021 192.168.10.1:55630 Connection reset, restarting [0]
I have written a grok filter like this:
%{DAY:day} %{SYSLOGTIMESTAMP:conn_est_time} %{YEAR:year} TCP connection established with \[AF_INET6\]::ffff:%{IP:server_IP}:%{NUMBER:port}
%{DAY:day} %{SYSLOGTIMESTAMP:conn_reset_time} %{YEAR:year} %{IP:server_IP}:%{NUMBER:port} Connection reset, restarting \[0\]
Now I want to get the connection duration and visualize it in Kibana. How do I do that? Please guide me.
Hi @Badger,
I have another query. Suppose after a reset the same port is assigned to another connection establishment; will I then get a separate duration for the second connection on the same port?
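Added example, not part of the original thread and not Logstash's own code: a Python sketch of the pairing logic both questions describe, matching each "established" line to the next "reset" for the same IP:port and closing the session on reset so a reused port yields a separate duration. The regexes mirror the grok patterns above; the function name, output field names, and all sample lines after the first two are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Regex equivalents of the two grok patterns quoted in the post.
TS = r"(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
EST = re.compile(TS + r" TCP connection established with \[AF_INET6\]::ffff:(?P<ip>[\d.]+):(?P<port>\d+)$")
RST = re.compile(TS + r" (?P<ip>[\d.]+):(?P<port>\d+) Connection reset, restarting \[0\]$")

# The first two lines are the post's sample; the rest are constructed for this example.
SAMPLE = [
    "Tue Oct 5 14:05:53 2021 TCP connection established with [AF_INET6]::ffff:192.168.10.1:55630",
    "Tue Oct 5 23:40:51 2021 192.168.10.1:55630 Connection reset, restarting [0]",
    "Tue Oct 5 23:41:10 2021 TCP connection established with [AF_INET6]::ffff:192.168.10.1:55630",
    "Wed Oct 6 00:01:10 2021 192.168.10.1:55630 Connection reset, restarting [0]",
    "Wed Oct 6 00:05:00 2021 192.168.10.9:40000 Connection reset, restarting [0]",
]

def parse_ts(text):
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")

def connection_durations(lines):
    """Pair each 'established' line with the next 'reset' for the same ip:port."""
    open_conns = {}                 # (ip, port) -> start time of the open connection
    sessions, unmatched = [], []    # unmatched: resets with no known start
    for line in lines:
        line = line.strip()
        est, rst = EST.match(line), RST.match(line)
        if est:
            # A new start replaces any stale start whose reset was never logged.
            open_conns[(est["ip"], est["port"])] = parse_ts(est["ts"])
        elif rst:
            # pop() closes the session, so a reused port begins a fresh one.
            start = open_conns.pop((rst["ip"], rst["port"]), None)
            if start is None:
                unmatched.append(line)
                continue
            end = parse_ts(rst["ts"])
            sessions.append({"peer": f'{rst["ip"]}:{rst["port"]}', "start": start, "end": end,
                             "duration_seconds": int((end - start).total_seconds())})
    return sessions, unmatched

if __name__ == "__main__":
    for s in connection_durations(SAMPLE)[0]:
        print(s["peer"], s["start"], s["duration_seconds"])
```
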