user5591691
Reputation:
Logstash filter using grok
I am new to ELK stack. Currently i have following logs-
Transaction1 start
component test1 5s
component test2 10s
component test3 15s
Transaction1 ended with total time 30s
Transaction2 start
component test4 15s
component test5 20s
component test6 15s
Transaction2 ended with total time 50s
I want to index the individual components along with their time and Transactionid along with the mentioned total time.
ex- For Transaction1 the individual components are test1,test2 and test3.
Using GROK will divide the logs into tokens. But how can the aggregation based on transactionid be achieved?
How can this be achieved using logstash. Thanks
Upvotes: 0
Views: 55
Answers (1)
Alain Collins
Reputation: 16362
Unless you can rewrite the logs as has been suggested, you should check out the multiline input codec, which will allow you to combine the lines into one message for logstash. You would then be able to grok across that line to extract what you want.
Upvotes: 0
Related Questions
- elastic search grok filter
- Creating custom grok filters
- Grok filter for application logs
- logstash grok filter pattern
- Logstash GROK filter for tomcat logs
- Filter logs with grok in logstash
- How to add condition to my logstash grok filter?
- GROK custom pattern filter in logstash
- Custom grok filter for logstash
- logstash grok filter for custom logs