I've setup the Elasticsearch, Logstash, Kibana log viewing tools on my systems. There are 2 machines in my configuration now (Amazon EC2 instances): 54.251.120.171 - Logstash-server where ELK is...

Basic is a float field. The mentioned index is not present in elasticsearch. When running the config file with logstash -f, I am getting no exception. Yet, the data reflected and entered in elastic...

Background: I have a custom generated log file that has the following pattern : [2014-03-02 17:34:20] - 127.0.0.1|ERROR| E:\xampp\htdocs\test.php|123|subject|The error message goes here ; array (...

I have a fixed position (column) file, where there is no delimiter which separates the fields. Each field has its own start position and length. Here is the example of the data: 520140914191193386...

I've got a JSON of the format: { "SOURCE":"Source A", "Model":"ModelABC", "Qty":"3" } I'm trying to parse this JSON using logstash. Basically I want the logstash output to be a list of key:va...

I'm having issues with grok parsing. In ElasticSearch/Kibana the lines I match come up with the tag _grokparsefailure. Here is my logstash config : input { file { type => logfile path =&...

I am using Logstash to parse postfix logs. I am mainly focused to get bounced email logs from postfix logs, and store it in database. In order to get logs, first I need to find ID generated by po...

I have seen Grok being very strong and lethal in parsing the log data. I wanted to use Grok for log parsing in our application, which is in java.. How can i connect/work with Grok from Java.?

I am trying to add new filed in grok filter which supposed to an arithmetic expression of the fields that are extracted by grok match command. Unfortunately was not able to figure out the correct ...

We want to set up a server for logstash for a couple of different project in our company. Now I try to enable them in Kibana. My question is: If I have different patterns of the logfiles, how can ...

I'm a bit confused. I'm trying to pull out the syslog date (backfilling the logstash) and replace the @timestamp with it. I've tried almost everything. This is my filter filter { if [type] == "s...

If I have the text: test: firstString, blah: anotherString, blah:lastString How can I get the text "firstString" My regex is: test:(.*), EDIT Which brings back firstString, blah: anotherStr...

In my Logstash shipper I want to filter out lines commented with the hash character: #This log row should be dropped. But one this should not. I was able to use grep filter, but as it is discour...

I have logs that come in from that are in this format. I have assigned the logstash variable to the pattern below. I believe that I have each of these elements assigned properly with the predefined...