@chetanmeh
Last active December 23, 2015 08:19
cq-logstash

Steps to run Logstash

$ wget https://logstash.objects.dreamhost.com/release/logstash-1.2.1-flatjar.jar
$ wget https://gist.github.com/chetanmeh/6607253/raw/logstash-cq.conf

Edit the conf file to change the log file path (the path setting of the file input)

$ java -jar logstash-1.2.1-flatjar.jar agent -f logstash-cq.conf -- web

Access the Kibana UI at http://localhost:9292

A simpler way would have been to use the TCP input in Logstash and stream any log file to it, but that currently causes [issues][1] with version 1.2.1, so the file input is used to import the data.

[1]: https://logstash.jira.com/browse/LOGSTASH-1310

# Logstash config file for parsing existing logs in a CQ/Sling based application
input {
  stdin {
    type => "stdin-type"
  }
  file {
    type => "cq-ci-author"
    path => ["/path/crx-quickstart/logs/error.log"]
    debug => false
    sincedb_path => "./data/sincedb/cq-logs-author"
    start_position => "beginning"
  }
}
filter {
  multiline {
    #type => "all" # no type means the filter applies to all inputs
    # A Sling log entry starts with a timestamp, so any line that does not
    # start with a digit (or is indented or blank) is a continuation of the
    # previous message, e.g. a stack trace line
    pattern => "(^\s+.+)|(^[^0-9]+.+)|(^[\s]*$)"
    what => "previous"
  }
  grok {
    # Split the entry into date, time, level, thread, category and message
    match => { "message" => "(?m)%{DATE:date}%{SPACE}%{TIME:time} \*%{LOGLEVEL:level}\* \[%{DATA:thread}\] %{DATA:category} %{GREEDYDATA:msg}" }
    add_field => [ "logtime", "%{date}:%{time}" ]
  }
  date {
    # Use the timestamp from the log entry as the event time
    match => ["logtime", "dd.MM.yyyy:HH:mm:ss.SSS"]
  }
}
output {
  # stdout { debug => true }
  elasticsearch { embedded => true }
}
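
To check the multiline and grok logic above before importing a large error.log, here is an added example (not part of the original gist) that replays the same steps in Python over constructed sample lines. The multiline regex is copied from the config; the event regex is a simplified stand-in for the grok patterns and is an assumption. It also shows the failure mode where a continuation line that starts with a digit becomes its own unparsed event.

```python
import re
from datetime import datetime

# Same regex as the multiline filter's "pattern" setting in the config.
CONTINUATION = re.compile(r"(^\s+.+)|(^[^0-9]+.+)|(^[\s]*$)")

# Simplified stand-in for the grok expression: DATE/TIME are narrowed to
# the dd.MM.yyyy HH:mm:ss.SSS layout, DATA is ".*?", GREEDYDATA is ".*".
EVENT = re.compile(
    r"(?s)(?P<date>\d{2}\.\d{2}\.\d{4})\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\*(?P<level>[A-Z]+)\* \[(?P<thread>.*?)\] (?P<category>.*?) (?P<msg>.*)"
)

# Constructed sample input, not taken from a real error.log.
SAMPLE = """\
17.09.2013 10:15:30.123 *ERROR* [pool-1-thread-2] org.example.Job Run failed
java.lang.IllegalStateException: boom
\tat org.example.Job.run(Job.java:42)

17.09.2013 10:15:31.456 *INFO* [main] org.example.Startup Import summary:
3 nodes skipped
"""


def merge_multiline(lines):
    """what => "previous": a matching line is appended to the prior event."""
    events = []
    for line in lines:
        if events and CONTINUATION.search(line):
            events[-1] += "\n" + line
        else:
            events.append(line)
    return events


def parse_event(text):
    """Return fields plus a timestamp built like "logtime", or None."""
    m = EVENT.match(text)
    if m is None:
        return None  # Logstash's grok tags such events _grokparsefailure
    fields = m.groupdict()
    logtime = "{date}:{time}".format(**fields)
    fields["timestamp"] = datetime.strptime(logtime, "%d.%m.%Y:%H:%M:%S.%f")
    return fields


if __name__ == "__main__":
    for event in merge_multiline(SAMPLE.splitlines()):
        print(parse_event(event) or "UNPARSED: " + repr(event))
```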