NayabSiddiqui/logstash.conf

## logstash.conf
input {
    file {
        type => "java"
        path => "D:/Workspace/Public/spring-microservies-monitoring/books-api.log"
        codec => multiline {
            pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
            negate => "true"
            what => "previous"
        }
    }
    file {
        type => "java"
        path => "D:/Workspace/Public/spring-microservies-monitoring/countries-api.log"
        codec => multiline {
            pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
            negate => "true"
            what => "previous"
        }
    }
}
filter {
    #If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
    if [message] =~ "\tat" {
        grok {
            match => ["message", "^(\tat)"]
            add_tag => ["stacktrace"]
        }
    }

    #Grokking Spring Boot's default log format
    grok {
        match => {
            "message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest}"
            }
    }
}
output {
    # Print each event to stdout, useful for debugging. Should be commented out in production.
    # Enabling 'rubydebug' codec on the stdout output will make logstash
    # pretty-print the entire event as something similar to a JSON representation.
    stdout {
        codec => rubydebug
    }

    # Sending properly parsed log events to elasticsearch
    elasticsearch {
        hosts => ["localhost:9200"]
    }
}
	input {
	file {
	type => "java"
	path => "D:/Workspace/Public/spring-microservies-monitoring/books-api.log"
	codec => multiline {
	pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
	negate => "true"
	what => "previous"
	}
	}
	file {
	type => "java"
	path => "D:/Workspace/Public/spring-microservies-monitoring/countries-api.log"
	codec => multiline {
	pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
	negate => "true"
	what => "previous"
	}
	}
	}
	filter {
	#If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
	if [message] =~ "\tat" {
	grok {
	match => ["message", "^(\tat)"]
	add_tag => ["stacktrace"]
	}
	}

	#Grokking Spring Boot's default log format
	grok {
	match => {
	"message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest}"
	}
	}
	}
	output {
	# Print each event to stdout, useful for debugging. Should be commented out in production.
	# Enabling 'rubydebug' codec on the stdout output will make logstash
	# pretty-print the entire event as something similar to a JSON representation.
	stdout {
	codec => rubydebug
	}

	# Sending properly parsed log events to elasticsearch
	elasticsearch {
	hosts => ["localhost:9200"]
	}
	}