Created
July 19, 2016 03:15
Logstash config for Spring Boot's default logging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Tail the Eureka service's Spring Boot log file and merge multi-line
# entries (stack traces, wrapped messages) back into single events.
input {
  file {
    type => "java"
    tags => ["fornax-data-share-eureka"]
    # The file input needs an absolute path.
    path => "D:/fornax-data-share-runtime/eureka/fornax-data-share-eureka.log"
    codec => multiline {
      # A line that starts with a timestamp opens a new event. Because negate
      # is set, every line that does NOT match is appended to the previous
      # event instead.
      pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
      negate => true
      what => "previous"
    }
  }
}
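filter {
  # If the event contains a tab character followed by 'at', tag it as a
  # stack trace.
  if [message] =~ "\tat" {
    grok {
      match => { "message" => "^(\tat)" }
      add_tag => ["stacktrace"]
    }
  }

  # Parse Spring Boot's default log format. Patterns are tried in order; the
  # second one is a looser fallback that extracts no thread or class.
  #
  # The level column is padded to a fixed width, so INFO/WARN are preceded by
  # two spaces and ERROR/DEBUG by one. \s+ after %{TIME} accepts both; a
  # literal space count silently fails for one group or the other.
  # \s* after "[" tolerates thread names that are left-padded inside the
  # brackets.
  #
  # Events that match neither pattern are tagged _grokparsefailure and carry
  # no level/timestamp fields, so dashboards or alerts keyed on "level" will
  # not see them. Watch that tag to catch parsing gaps.
  grok {
    match => {
      "message" => [
        "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})\s+%{LOGLEVEL:level} %{NUMBER:pid} --- \[\s*(?<thread>[A-Za-z0-9-]+)\] [A-Za-z0-9.]*\.(?<class>[A-Za-z0-9#_]+)\s*:\s+(?<logmessage>.*)",
        "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})\s+%{LOGLEVEL:level} %{NUMBER:pid} --- .+? :\s+(?<logmessage>.*)"
      ]
    }
  }

  # Use the timestamp extracted by the grok above as the event time.
  # No timezone is given, so the Logstash host's zone is assumed.
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss.SSS"]
  }
}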
output {
  # Debugging aid: print every event to stdout. The rubydebug codec
  # pretty-prints the whole event in a JSON-like form. Comment this out in
  # production; it copies full log contents to the console or service log.
  stdout {
    codec => rubydebug
  }

  # Ship the parsed events to Elasticsearch.
  # NOTE(review): no scheme, credentials or TLS options are set here, so the
  # plugin defaults apply (plain HTTP, no authentication). Confirm the cluster
  # is reachable only from a trusted network, or configure the plugin's
  # user/password and SSL options.
  elasticsearch {
    hosts => ["192.168.190.11:9200"]
  }
}
Great template, thanks! I replaced the two spaces between `TIME` and `LOGLEVEL` by `\s*`, otherwise it doesn't pick up log lines with level `ERROR`. In that case there is only one space in front of it.