logstash-grok Questions
4
Solved
In my system, the insertion of data is always done through csv files via logstash. I never pre-define the mapping. But whenever I input a string it is always taken to be analyzed, as a result an en...
Candancecandela asked 15/12, 2014 at 11:44
2
I have two related questions. First is how best to grok logs that have "messy" spacing and so on, and the second, which I'll ask separately, is how to deal with logs that have arbitrary attribute-v...
Spiel asked 7/8, 2015 at 18:7
1
Solved
Currently I am doing something like this in my logstash config file :
filter {
...
mutate {
...
convert => {
"blahId" => "integer"
"blahblahId" => "integer"
...
...
"b...blahId" ...
Idealism asked 4/7, 2016 at 6:7
1
Solved
So, let's assume that I have a portion of a log line that looks something like this:
GET /restAPI/callMethod1/8675309
The GET matches a http method, and gets extracted, the remainder matches a ...
Job asked 18/8, 2016 at 16:8
2
Solved
I'm a new user to ELK stack. I'm using UWSGI as my server. I need to parse my uwsgi logs using Grok and then analyze them.
Here is the format of my logs:-
[pid: 7731|app: 0|req: 357299/357299] Cl...
Goodsell asked 1/3, 2015 at 8:3
1
Solved
I understand the concept of writing regular expressions using capturing and non-capturing groups.
Ex:
a(b|c) would match and capture ab and ac
a(?:b|c) would match ab and ac but capture a
But h...
Chaqueta asked 8/7, 2016 at 16:34
2
Solved
I'm using Grok & Logstash to send access logs from Nginx to Elasticsearch. I'm giving Logstash all my access logs (with a wildcard, works well) and I would like to get the filename (some part ...
Hamiltonian asked 21/5, 2014 at 10:4
1
Solved
I've been asked to consolidate our log4j log files (NOT using Socket calls for now) into a Logstash JSON file that I'll then feed to Elasticsearch. Our code uses the RollingFileAppender. Here's an e...
Anorthosite asked 20/6, 2016 at 20:48
1
Solved
I am using Logstash to output JSON message to an API. On simple log lines, my grok pattern and configurations are working absolutely fine, but I am unable to get the values dynamically out during e...
Pauper asked 7/6, 2016 at 12:15
1
Solved
I am using Logstash to output JSON message to an API. I am using "mapping" attribute to map my message. See, following piece of my shipper configurations.
output {
stdout { }
http {
url => ...
Tussah asked 2/6, 2016 at 6:44
1
Solved
I have two URLs (due to security concern I will explain by using dummy)
a> https://xyz.company.com/ui/api/token
b> https://xyz.company.com/request/transaction?date=2016-01-21&token=<...
Bernhardt asked 25/5, 2016 at 11:55
5
I am new to regular expressions but I think people here may give me valuable inputs. I am using the logstash grok filter in which I can supply only regular expressions.
I have a string like this
...
Fortuitous asked 23/11, 2012 at 5:20
2
I've got data coming from kafka and I want to send them to ElasticSearch. I've got a log like this with tags:
<TOTO><ID_APPLICATION>APPLI_A|PRF|ENV_1|00</ID_APPLICATION><TN>...
Civics asked 12/1, 2016 at 15:14
1
Solved
I have a logfile which looks like this ( simplified)
Logline sample
MyLine data={"firstname":"bob","lastname":"the builder"}
I'd like to extract the json contained in data and create two fields...
Literator asked 26/11, 2015 at 11:49
2
Solved
I have php log of this format
[Day Mon DD HH:MM:SS YYYY] [Log-Type] [client <ipv4 ip address>] <some php error type>: <other msg with /path/of/a/php/script/file.php and something el...
Jalapa asked 17/1, 2015 at 10:45
1
Solved
I am having nginx error logs of the below form:-
2015/09/30 22:19:38 [error] 32317#0: *23 [lua] responses.lua:61:
handler(): Cassandra error: Error during UNIQUE check: Cassandra
error: connec...
Primalia asked 6/10, 2015 at 12:23
1
Solved
(This is related to my other question logstash grok filter for custom logs )
I have a logfile whose lines look something like:
14:46:16.603 [http-nio-8080-exec-4] INFO METERING - msg=93e6dd5e-c00...
Bouchard asked 7/8, 2015 at 18:14
1
Solved
I have been trying to parse my python traceback logs using logstash. My logs look like this:
[pid: 26422|app: 0|req: 73/73] 192.168.1.1 () {34 vars in 592 bytes} [Wed Feb 18 13:35:55 2015] GET /da...
Ellanellard asked 22/6, 2015 at 10:27
2
BACKGROUND:
We have rsyslog creating log files directories like: /var/log/rsyslog/SERVER-NAME/LOG-DATE/LOG-FILE-NAME
So multiple servers are spilling out their logs of different dates to a centra...
Delores asked 2/6, 2015 at 10:43
1
Solved
I have JSON file that I'm sending to ES through logstash. I would like to remove 1 field ( It's deep field ) in the JSON - ONLY if the value is NULL.
Part of the JSON is:
"input": {
"startDate":...
September asked 21/5, 2015 at 9:4
2
Solved
I am trying to adjust path name so that it no longer has the time stamp attached to the end. I am inputting many different logs so it would be impractical to write a conditional filter for every possib...
Acalia asked 14/5, 2015 at 15:42
1
Solved
I'm trying to parse a logfile using grok
Each line of the logfile has fields separated by commas:
13,home,ABC,Get,,Private, Public,1.2.3 ecc...
I'm using match like this:
match => [ "message...
Fruiter asked 6/5, 2015 at 17:30
1
Solved
I have ELK installed and working in my machine, but now I want to do a more complex filtering and field adding depending on event messages.
Specifically, I want to set "id_error" and "descripcio" ...
Pallaton asked 23/4, 2015 at 14:33
1
Solved
I'm creating a logstash grok filter to pull events out of a backup server, and I want to be able to test a field for a pattern, and if it matches the pattern, further process that field and pull ou...
Malissa asked 14/3, 2015 at 6:14
1
I have a bunch of log files that are named as 'XXXXXX_XX_yymmdd_hh:mm:ss.txt' - I need to include the date and time (separate fields) from the filename in fields that are added to Logstash.
Can an...
Nicely asked 2/2, 2015 at 11:44