Crypto Master
Reputation: 1
what is the best way to parsing the logs for .log and .json format
i am planning to prepare the one pipeline for different logs formatting.
- .json format
- .log format these are two type of logs which i need to create filter and grok patterns. what is the good ways please suggest.
i tried to follow the
filter
{
codec = json
source = "message"
}
but when i am trying to filter the .log format logstash is not going filter those except plain text.
Upvotes: 0
Views: 455
Answers (1)
Tal Taub
Reputation: 23
The best way is to separate the different log types to different logstash pipelines, in this way you have more control on filtering.
Here you can find the documentation on creating multiple pipelines: https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html
Upvotes: 0
Related Questions
- What is the difference between YAML and JSON?
- What is the "right" JSON date format?
- What is JSON and what is it used for?
- Is there any standard for JSON API response format?
- What should be the grok pattern for thoses logs ? (ingest pipeline for filebeat)
- Filebeat -> Logstash indexing documents twice
- grok filter logstash JSON parse error, original data now in message field
- Unable to extract fields form log line containing a mix of JSON and non-JSON data using grok in Logstash