This repository was archived by the owner on May 3, 2024. It is now read-only.

Need to filter the message section of logs #47

@sabil05

@shazChaudhry Hope you are doing good.

I am working on configuring ELK with filebeat on docker. I have all the logs available on the Kibana dashboard, which are coming from filebeat docker.

Now my query is how to filter the message content of a log file which is coming from another server.

I have included the following lines in the logstash.conf file, which is on the ELK stack server.

filter {
  #/var/log/xxx/error.log
  if ([log][file][path] =~ "/logs/error.log") {
    grok {
      match => { "message" => "%{DATE:date} %{TIME:time} | %{LOGLEVEL:loglevel} | %{IP:client_ip} [%{NUMBER:bytes}] %{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version} | %{GREEDYDATA:logmessage}" }
    }
  }
}

However, it is not working.

Here is my filebeat-docker.yml:

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

processors:
  - add_cloud_metadata: ~

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - "/var/log/apache2/*.log"
    exclude_files: ['.gz$']
    json.message_key: log
    include_lines: ['^ERR', '^WARN']

output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'

Can you please suggest on this?

Sabil.
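
An added example, not part of the original issue or the repository: a grok pattern is a regular expression, so the bare `|` and `[...]` in the posted pattern act as alternation and a character class rather than literal separators. The sketch below uses Python's `re` as a stand-in for grok's regex engine; the sub-pattern definitions are simplified assumptions and the sample log line is constructed.

```python
import re

# Simplified stand-ins for the grok patterns named in the issue (assumptions;
# the definitions Logstash ships are stricter).
PATTERNS = {
    "DATE": r"\d{2}[./-]\d{2}[./-]\d{4}",
    "TIME": r"\d{2}:\d{2}:\d{2}",
    "LOGLEVEL": r"[A-Za-z]+",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "NUMBER": r"\d+(?:\.\d+)?",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
}

def grok_to_regex(pattern):
    """Expand each %{NAME:field} into a named group; all other text stays regex."""
    return re.sub(r"%\{(\w+):(\w+)\}",
                  lambda m: "(?P<%s>%s)" % (m.group(2), PATTERNS[m.group(1)]),
                  pattern)

def grok_match(pattern, line):
    """Return the fields that captured a value, or None when nothing matches."""
    m = re.search(grok_to_regex(pattern), line)
    if m is None:
        return None
    return {k: v for k, v in m.groupdict().items() if v is not None}

# The pattern exactly as posted in the issue.
AS_POSTED = (r"%{DATE:date} %{TIME:time} | %{LOGLEVEL:loglevel} | %{IP:client_ip} "
             r"[%{NUMBER:bytes}] %{WORD:method} /%{NOTSPACE:request_page} "
             r"HTTP/%{NUMBER:http_version} | %{GREEDYDATA:logmessage}")
# Same pattern with the literal separators and brackets escaped.
ESCAPED = (r"%{DATE:date} %{TIME:time} \| %{LOGLEVEL:loglevel} \| %{IP:client_ip} "
           r"\[%{NUMBER:bytes}\] %{WORD:method} /%{NOTSPACE:request_page} "
           r"HTTP/%{NUMBER:http_version} \| %{GREEDYDATA:logmessage}")

# Constructed sample line; the real log format is not shown in the issue.
SAMPLE = ("12/03/2020 10:15:42 | ERROR | 10.0.0.5 [512] GET /index.php "
          "HTTP/1.1 | upstream timed out")

if __name__ == "__main__":
    print("as posted:", grok_match(AS_POSTED, SAMPLE))
    print("escaped:  ", grok_match(ESCAPED, SAMPLE))
```

The posted filebeat-docker.yml also sends events straight to Elasticsearch through `output.elasticsearch`, so a Logstash filter only applies if Filebeat is pointed at Logstash instead.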
