
Custom log with Logstash + logstash forwarder + Kibana + Elasticsearch

I have configured Logstash + logstash forwarder + Kibana + Elasticsearch. It's working with system logs like Apache error logs and syslogs. Now I have an application log, like below:

Sender: sender@domain.com create_time: Thu Sep 4 02:41:54 2014 recipient: automation@domain.com

How can I read the above log file through Kibana? Kindly, someone help me in this regard. Your help is much appreciated.

Your logstash should analyze your logs before pushing them into elasticsearch.

I think that currently, your logstash has an input (lumberjack) and an output (ES). You should add at least one grok filter (the most popular) to extract new semantic fields.

Then you will be able to create visualizations according to these new fields :)

See here: logstash.net/docs/1.4.2/filters/grok
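
A filter block of the kind this answer describes, written for the sample line in the question (an added example, not part of the original answer). The `applog` type is an assumption and must match the `type` field set for this file in the logstash-forwarder configuration; the field names `sender`, `create_time` and `recipient` are chosen here.

```logstash
filter {
  # Assumption: logstash-forwarder ships this file with fields { "type": "applog" }
  if [type] == "applog" {
    grok {
      # Anchored pattern for:
      #   Sender: <addr> create_time: <Day Mon D HH:MM:SS YYYY> recipient: <addr>
      # " +" before the day of month tolerates the double space that
      # asctime-style timestamps use for single-digit days.
      match => {
        "message" => "^Sender: %{NOTSPACE:sender} create_time: (?<create_time>%{DAY} %{MONTH} +%{MONTHDAY} %{TIME} %{YEAR}) recipient: %{NOTSPACE:recipient}$"
      }
    }

    # Lines that do not match are tagged _grokparsefailure by grok;
    # only parse the timestamp on events that matched.
    if "_grokparsefailure" not in [tags] {
      # Collapse repeated spaces so a single date format is enough.
      mutate {
        gsub => [ "create_time", " +", " " ]
      }
      # Set @timestamp from the log line instead of the ingest time.
      # The line carries no zone, so the Logstash host's zone is used
      # unless the date filter's timezone option is set.
      date {
        match => [ "create_time", "EEE MMM d HH:mm:ss yyyy" ]
      }
    }
  }
}
```

Events that keep the `_grokparsefailure` tag can be searched for in Kibana to find lines the pattern does not cover.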

Use logstash forwarder to export logs and send the logs to logstash [via the lumberjack protocol].

In the logstash filter plugin, use a grok pattern for apache logs to get this working, and output this to the elasticsearch node.

You can then use kibana to read the data from elasticsearch and visualise it accordingly.

Now, this can be replaced by using filebeat at the source end, which can export the data and requires no development in logstash for something like apache logs. This will enable you to send data from filebeat [apache logs] directly to elasticsearch and visualise it from kibana.
