What is the best query in kibana to select logs just from one app?

przemolb · December 11, 2017, 4:03pm

Hello,
having the following filebeat and logstash configuration:

# filebeat
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*
  fields:
    type: system
  exclude_files: ['\.gz$', 'btmp*', 'wtmp*']
  close_inactive: 1h

- input_type: log
  paths:
    - /opt/app1/logs/*.log
  fields:
    type: app1
  exclude_files: ['\.gz$']
  close_inactive: 5h

output.logstash:
  hosts: ["x.x.x.x:5043"]

# logstash on x.x.x.x
input {
    beats {
        port => "5043"
    }
}
output {
    elasticsearch {
        hosts => [ "y.y.y.y:9200" ]
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
    }
}

How do I create a query on kibana to select logs just from /opt/app1/logs/*.log files ?

system · January 8, 2018, 4:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.