Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Logstash Glassfish server.log config
# Logstash config for Glassfish logs
# Used in combination with slf4j and logback
# Output:
# - application: glassfish
# - type: application or internal
# - categorie: technical or functional
input {
# If running logstash under a different user then check your permission to be sure that
# logstash has access to the server.log file. If logstash has no access to the file you
# don't get an appropriate message to inform you!
# I've put the umask of the Glassfish service to 0022.
file {
codec => multiline {
'negate' => true
'pattern' => '^\[\#\|\d{4}'
'patterns_dir' => '/opt/logstash/agent/etc/patterns'
'what' => 'previous'
}
'path' => '/var/log/glassfish/greyhound/server.log'
'type' => 'glassfish'
}
}
filter {
mutate {
'add_field' => ['application', '%{type}']
}
# Filter for 'type', application log messages are marked with '[GLF_INT]' by logback.
if [message] =~ /\[GLF_INT\]/ {
mutate {
'update' => ['type', 'application']
}
# Grok filter uses the deprecated 'pattern' property for matching cause using the 'match'
# property gives a grokfailure from time to time.
grok {
'keep_empty_captures' => true
'named_captures_only' => true
'pattern' => '(?m)\[\#\|%{TIMESTAMP_ISO8601:timestamp}\|%{LOGLEVEL}\|%{DATA:server_version}\|%{JAVACLASS}\|%{DATA:thread}\|\[GLF_INT\]%{DATA:categorie}\|%{DATA:loglevel}\|%{DATA:class}\|line:%{DATA:linenumber}\|%{DATA:message_detail}\|\#\]'
'patterns_dir' => '/opt/logstash/agent/etc/patterns'
}
} else {
mutate {
'add_field' => ['categorie', 'technical']
'update' => ['type', 'internal']
}
grok {
'keep_empty_captures' => true
'named_captures_only' => true
'pattern' => '(?m)\[\#\|%{TIMESTAMP_ISO8601:timestamp}\|%{LOGLEVEL:loglevel}\|%{DATA:server_version}\|%{JAVACLASS:class}\|%{DATA:thread}\|%{DATA:message_detail}\|\#\]'
'patterns_dir' => '/opt/logstash/agent/etc/patterns'
}
}
if [type] == 'application' and [categorie] == '' {
mutate {
'update' => ['categorie', 'technical']
}
}
date {
'match' => ['timestamp', 'ISO8601']
}
}
output {
redis {
'data_type' => 'list'
'host' => '172.168.1.250'
'key' => 'logstash'
}
}
@BioQwer

This comment has been minimized.

Copy link

BioQwer commented Dec 26, 2016

Which version of logstash do you use when created this pattern?

For me it doesn't work, but i pipe standard glassfish logs.

@RomkeVdMeulen

This comment has been minimized.

Copy link

RomkeVdMeulen commented Dec 5, 2019

Note that %{JAVACLASS:class} will fail to parse errors like

[#|2019-12-05T15:09:28.010+0100|WARNING|glassfish 5.0|org.eclipse.persistence.session./file:/my/glassfish/install/nodes/my-node/my-app/applications/app/WEB-INF/classes/_datasource|_ThreadID=111;_ThreadName=ajp-listener(5);_TimeMillis=1575400168010;_LevelValue=900;|...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.