Commit 7357b65e authored by Alcides Viamontes E's avatar Alcides Viamontes E

Added basic log-level support

parent 138aa57c
......@@ -34,6 +34,9 @@
"message": {
"norms": false,
"type": "text"
},
"log-level": {
"type": "keyword"
}
}
}
......
......@@ -9,18 +9,29 @@ filter {
]
}
# Put patterns for the logs here, more specific first...
# to test the patterns, call `scripts/dev/restart-logstash.sh`
# and produce one of the messages you need.
grok {
match => {
"message" => "Uploaded %{NUMBER:uploaded_msg_count:integer} messages"
}
}
match => {
"message" => "Level\: %{LOGLEVEL:log-level}, Time\: %{TIMESTAMP_ISO8601:datestamp}[,0-9]* Message: (?<real_message>.*)"
}
match => {
"message" => "\[%{TIMESTAMP_ISO8601:timestamp}[,0-9]*: (?<log-level>ERROR)/[a-zA-Z0-9-]+\] Task (?<task-name>[^\[]+)\[(?<task-id>[^\]]+)\] (?<real_message>.*)"
}
}
if "beats_input_codec_plain_applied" in [tags] {
mutate {
replace => {
"message" => "%{real_message}"
}
# grok {
# match => {
# # Level: INFO, Time: 2018-05-15 08:36:42,211, Message: Uploaded 1000 messages
# "message" => "Level\: %{LOGLEVEL:log-level}, Time\: %{DATESTAMP:datestamp}[,0-9]* Message: .*"
# }
# }
remove_field => [ "real_message" ]
}
}
}
output {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment