I am setting up an ELK cluster with Filebeat. I am trying to create a filter in the Logstash config file for the following format (Date: component: level: message). But the filter is not working.
2021-08-17 18:57:33 component INFO msg
grok {
  match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{DATA:component} %{LOGLEVEL:logLevel} -%{GREEDYDATA:logMessage}" }
}
Try this:
input:
2021-08-17 18:57:33 component INFO msg
grok pattern:
%{TIMESTAMP_ISO8601:timestamp} %{DATA:component} %{LOGLEVEL:logLevel} %{GREEDYDATA:logMessage}
output:
{
  "timestamp": [
    [
      "2021-08-17 18:57:33"
    ]
  ],
  "YEAR": [
    [
      "2021"
    ]
  ],
  "MONTHNUM": [
    [
      "08"
    ]
  ],
  "MONTHDAY": [
    [
      "17"
    ]
  ],
  "HOUR": [
    [
      "18",
      null
    ]
  ],
  "MINUTE": [
    [
      "57",
      null
    ]
  ],
  "SECOND": [
    [
      "33"
    ]
  ],
  "ISO8601_TIMEZONE": [
    [
      null
    ]
  ],
  "component": [
    [
      "component"
    ]
  ],
  "logLevel": [
    [
      "INFO"
    ]
  ],
  "logMessage": [
    [
      "msg"
    ]
  ]
}
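Why the pattern in the question fails on that line while the one in the answer matches, as an added example (not part of the original question or answer): the literal `-` before `%{GREEDYDATA:logMessage}` must appear in the input, and the sample line has none. The regexes in `GROK` are simplified stand-ins assumed for this sketch, not the definitions shipped with Logstash, and `DASHED` is a constructed variant of the sample line.

```python
import re

# Simplified stand-ins for the four grok patterns used above (assumption:
# the definitions shipped with Logstash are broader than these).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "DATA": r".*?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL)",
    "GREEDYDATA": r".*",
}

TOKEN = re.compile(r"%\{(\w+):(\w+)\}")


def compile_grok(pattern):
    """Turn %{NAME:field} tokens into named groups; other text stays literal."""
    out, pos = [], 0
    for m in TOKEN.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))  # spaces, '-' etc.
        out.append("(?P<%s>%s)" % (m.group(2), GROK[m.group(1)]))
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out))


def grok(pattern, line):
    """Return captured fields, or None where Logstash tags _grokparsefailure."""
    m = compile_grok(pattern).search(line)  # grok is unanchored unless ^ is used
    return m.groupdict() if m else None


QUESTION_PATTERN = ("%{TIMESTAMP_ISO8601:timestamp} %{DATA:component} "
                    "%{LOGLEVEL:logLevel} -%{GREEDYDATA:logMessage}")
ANSWER_PATTERN = ("%{TIMESTAMP_ISO8601:timestamp} %{DATA:component} "
                  "%{LOGLEVEL:logLevel} %{GREEDYDATA:logMessage}")
SAMPLE = "2021-08-17 18:57:33 component INFO msg"    # line from the post
DASHED = "2021-08-17 18:57:33 component INFO -msg"   # constructed variant

if __name__ == "__main__":
    for name, pat in (("question", QUESTION_PATTERN), ("answer", ANSWER_PATTERN)):
        for line in (SAMPLE, DASHED):
            print(name, repr(line), "->", grok(pat, line))
```

In a pipeline, events that fail to match are still indexed with the `_grokparsefailure` tag but without `component` or `logLevel`, so searches and alerts keyed on those fields will not see them.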