What analyzer to use in mappings for Java stack traces

Hi,

I have a use case for logging Java stack traces to ES and for the end user to search for error patterns. I would be using Filebeat to ship my stack traces as a single event using the multiline configuration. Say my log is as below:
what would be the ideal recommended mapping so that the user is able to search using either "org.elasticsearch.transport.BindTransportException" or "BindTransportException" or "(NettyTransport.java:402)", etc.?

org.elasticsearch.transport.BindTransportException: Failed to resolve host [null]
at org.elasticsearch.transport.netty.NettyTransport.bindServerBootstrap(NettyTransport.java:402)
at org.elasticsearch.transport.netty.NettyTransport.doStart(NettyTransport.java:283)
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
at org.elasticsearch.transport.TransportService.doStart(TransportService.java:153)
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
at org.elasticsearch.node.internal.InternalNode.start(InternalNode.java:257)
at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:160)
at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:248)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)
Caused by: java.net.UnknownHostException: incorrect_hostname: unknown error

You would be better off using Logstash for this.

Thanks for your reply.

My question is what the mapping in Elasticsearch should be, i.e. the analyzer for this field holding the logging messages.
