-
-
Save BioQwer/01d8a6b26b473fa983819435fe2db615 to your computer and use it in GitHub Desktop.
Logstash Glassfish server.log config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logstash config for Glassfish logs | |
| # Used in combination with slf4j and logback | |
| # Output: | |
| # - application: glassfish | |
| # - type: application or internal | |
| # - categorie: technical or functional | |
| input { | |
| # If running logstash under a different user then check your permission to be sure that | |
| # logstash has access to the server.log file. If logstash has no access to the file you | |
| # don't get an appropriate message to inform you! | |
| # I've put the umask of the Glassfish service to 0022. | |
| file { | |
| codec => multiline { | |
| negate => true | |
| pattern => '^\[\#\|\d{4}' | |
| patterns_dir => '/etc/logstash/conf.d/patterns' | |
| what => 'previous' | |
| } | |
| path => '/tmp/logs/server.log' | |
| type => 'glassfish' | |
| } | |
| } | |
| filter { | |
| mutate { | |
| 'add_field' => ['application', '%{type}'] | |
| } | |
| # Filter for 'type', application log messages are marked with '[GLF_INT]' by logback. | |
| if [message] =~ /\[GLF_INT\]/ { | |
| mutate { | |
| 'update' => ['type', 'application'] | |
| } | |
| # Grok filter uses the deprecated 'pattern' property for matching cause using the 'match' | |
| # property gives a grokfailure from time to time. | |
| grok { | |
| keep_empty_captures => true | |
| named_captures_only => true | |
| match => { "log" => "(?m)\[\#\|%{TIMESTAMP_ISO8601:timestamp}\|%{LOGLEVEL}\|%{DATA:server_version}\|%{JAVACLASS}\|%{DATA:thread}\|\[GLF_INT\]%{DATA:categorie}\|%{DATA:loglevel}\|%{DATA:class}\|line:%{DATA:linenumber}\|%{DATA:message_detail}\|\#\]" } | |
| } | |
| } else { | |
| mutate { | |
| 'add_field' => ['categorie', 'technical'] | |
| 'update' => ['type', 'internal'] | |
| } | |
| grok { | |
| keep_empty_captures => true | |
| named_captures_only => true | |
| match => { "log" => "(?m)\[\#\|%{TIMESTAMP_ISO8601:timestamp}\|%{LOGLEVEL:loglevel}\|%{DATA:server_version}\|%{JAVACLASS:class}\|%{DATA:thread}\|%{DATA:message_detail}\|\#\]"} | |
| patterns_dir => '/etc/logstash/conf.d/patterns' | |
| } | |
| } | |
| if [type] == 'application' and [categorie] == '' { | |
| mutate { | |
| update => ['categorie', 'technical'] | |
| } | |
| } | |
| date { | |
| match => ['timestamp', 'ISO8601'] | |
| } | |
| } | |
| output { | |
| elasticsearch { | |
| hosts => "vcpevc:9200" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment