syslog - How to get numbers from a log message in logstash?


I am very new to logstash. I can just run the logstash jar file and can see a web page. This is cool ~~

Now, I want to transform the following line (a syslog message) into the one after it.

  Feb 19 18:45:29 SD550 jack: rig, 0x1000,4,10,20,30,40 ==> {'Timestamp': 'Feb 19 18:45:29', 'Host': 'SD550', 0x1000: 10, 0x1001: 20, 0x1002: 30, 0x1003: 40}

In the log message, '0x1000' is the initial register address, '4' is the number of register values, and the values that follow are the register values. So this means 0x1000: 10, 0x1001: 20, 0x1002: 30, 0x1003: 40. One important point is that the number of values can change, so the log message length is variable. Whatever the length, I want to get the same kind of result. (E.g., 0x2000,2,12,22 ==> 0x2000: 12, 0x2001: 22)

This is my incomplete config file for logstash. I saw some filters like grok, mutate and extract, but I do not know what to do with them.

  input { file { path => "/var/log/syslog" type => "syslog" } }
  filter { ??? }
  output { elasticsearch {} }

I know I am asking a lot. Apart from this, my ultimate goal is to draw a time (X) / value (Y) chart for a specific register in Kibana. Is that possible? Could you give me some advice?

Thank you, Youngmin Kim

There are many kinds of grok patterns that will help you with this. %{SYSLOGBASE} will get the timestamp and host for you, and then the rest can probably be caught with patterns like %{NUMBER}.

Due to your variable log length, your patterns are going to get a little complex, though. I think you can capture all the numbers and put them in an array, then in your mutate you can map them to the register values.

As far as graphing in Kibana goes, it will not be very difficult once your data is formatted properly. There is a time series graph type built in which is easy to populate.
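The variable-length mapping described in the answer (capture the numbers, then spread them over consecutive register addresses) is the part plain grok cannot do on its own, because the number of values is not known in advance. Below is an added example, not code from the question or the answer above, showing that logic as a stand-alone Ruby script of the kind one would drop into a Logstash `ruby` filter. The regular expression stands in for the grok pattern, the output field names ("Timestamp", "Host", "Program", "Tag") are assumptions, and the sample log lines are constructed. It also handles the failure mode the answer does not mention: a message whose count field disagrees with the number of values actually present.

```ruby
# Added example (not from the original post): parsing logic for the
# "<hexaddr>,<count>,<v1>,<v2>,..." syslog messages described in the question.
#
# In a Logstash pipeline the body of parse_register_log would live inside
#   filter { ruby { code => "..." } }
# reading the raw line with event.get('message') and writing each key back
# with event.set(key, value). Here it is a plain function so it can be tested
# outside Logstash.

# Regex standing in for %{SYSLOGBASE} plus the custom tail of the message.
# Named groups: syslog timestamp, host, program name, a free-text tag, the
# starting register address in hex, and the comma-separated count + values.
LINE_RE = /\A(?<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?<host>\S+) (?<program>[^:]+): (?<tag>[^,]+), (?<hexaddr>0x[0-9a-fA-F]+),(?<values>[\d,]+)\z/

# Returns a Hash with one key per register (e.g. "0x1000" => 10), or nil when
# the line does not match or the count field disagrees with the values present.
def parse_register_log(line)
  m = LINE_RE.match(line.strip)
  return nil unless m

  numbers = m[:values].split(",").map(&:to_i)
  count = numbers.shift

  # Defensive check: the count must equal the number of values that follow.
  # A malformed or truncated message should be rejected (and tagged in
  # Logstash) rather than silently mapped onto the wrong registers.
  return nil unless count == numbers.size

  base = m[:hexaddr].to_i(16)
  event = {
    "Timestamp" => m[:timestamp],
    "Host"      => m[:host],
    "Program"   => m[:program],
    "Tag"       => m[:tag],
  }
  # Spread the values over consecutive addresses starting at the base address.
  numbers.each_with_index do |value, offset|
    event[format("0x%04x", base + offset)] = value
  end
  event
end

# Constructed sample lines mirroring the two cases given in the question.
SAMPLE_LINES = [
  "Feb 19 18:45:29 SD550 jack: rig, 0x1000,4,10,20,30,40",
  "Feb 19 18:45:30 SD550 jack: rig, 0x2000,2,12,22",
  "Feb 19 18:45:31 SD550 jack: rig, 0x3000,3,1,2",   # count says 3, only 2 values
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each do |line|
    result = parse_register_log(line)
    puts result ? result.inspect : "REJECTED: #{line}"
  end
end
```

Once each register is its own numeric field on the event, the Kibana chart the question asks for is just the event timestamp on X and the chosen register field (for example `0x1002`) on Y; the rejected lines are the ones you would route to a separate tag so they do not pollute the series.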
