stackoom
  简体   繁体   中英

Logstash filter using grok

 原文  2018-11-26 10:04:32       elasticsearch/ logstash/ elastic-stack/ logstash-grok

Question

I am new to ELK stack. Currently i have following logs- 

Transaction1 start
component test1 5s
component test2 10s
component test3 15s
Transaction1 ended with total time 30s
Transaction2 start
component test4 15s
component test5 20s
component test6 15s
Transaction2 ended with total time 50s

I want to index the individual components along with their time and Transactionid along with the mentioned total time.
ex- For Transaction1 the individual components are test1,test2 and test3. Using GROK will divide the logs into tokens. But how can the aggregation based on transactionid be achieved? How can this be achieved using logstash. Thanks

1 answers

solution1
 0  2018-11-27 19:16:09

Unless you can rewrite the logs as has been suggested, you should check out the multiline input codec , which will allow you to combine the lines into one message for logstash. You would then be able to grok across that line to extract what you want.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Filter Apache Error Logs in Logstash using grok logstash grok filter pattern Logstash grok filter integer If statement not working on grok filter logstash Logstash grok filter apache pattern Have a key value pair as logstash output, by only using grok filter Logstash Filter Grok for custom log Custom GROK filter - Logstash -> Elasticsearch Logstash JSON Grok filter issue Logstash grok filter to tag received and bounced messages
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM