logstash & elasticsearch

|, , |電腦編程

Discovered logstash last year, finally I have played around logstash and elasticsearch during weekend, pretty easy to walk through Getting Started. However when I try to customize pattern for work-related log, its documentation does not come with good example and its API changed between 1.2 and 1.3… some search result from google using deprecated version. Anyway here is only document what I played so far. Preparation: Download a “flat” jar (logstash integrated with elasticsearch now): http://download.elasticsearch.org/logstash/logstash/logstash-1.3.3-flatjar.jar required curl, if it does not installed yet: $ sudo apt-get install curl Tasting: – Walk through “Getting started with logstash (standalone server example)” – For production, input would better be log4j rather than file, here just a test. config file: Since the log4j timestamp does not use ISO format, need to define it. see http://logstash.net/docs/1.3.3/filters/grok#patterns_dir create a folder named “pattern”, create a file inside and save with follow content.

N.B. in xml filter, remember to define target => “xxxx”! Otherwise console debug logged xmlparsefailure and NoMethodException. With it, all first level children xml tags will be indexed and fields will be created automatically, no need to setup XPath. okay, now run $ java -jar logstash-1.3.3-flatjar.jar agent -f test.conf -- web By paste following line to ‘standard in’ or listened log file: (xml from w3school example)

then, by debug=true, logstash shell console display information. And it will send to elasticsearch with following result. Now go to http://localhost:9292/index.html#/dashboard/file/logstash.json to see the result!

Read more »
...102021222324...50...