How to get logs and it's data having word “error” in then and how to configure logstashPipeLine.conf file for the same?

时光怂恿深爱的人放手 提交于 2019-12-18 16:57:13

问题


Currently I am working on an application where I need to create documents from particular data from a file at specific location. I have set up logstash pipeline configuration.

Here is what it looks like currently:

input{
file{
path => "D:\ELK_Info\logstashInput.log"
start_position => "beginning"
}
}
#Possible IF condition here in the filter

output {
 #Possible IF condition here
  http {
    url => "http://localhost:9200/<index_name>/<type_name>"
    http_method => "post"
    format => "json"
  }
}

I want to provide IF condition in output before calling API. The condition should be like, "If data from input contains word 'Error', only then proceed further to call http API mentioned."

Any idea on how may I do the same?


回答1:


Please look at this link: Ignore and move to next pattern if log contains a specific word

The first step is to look whehther input has error as key word, if so, continue the parsing by second grok. If no, just forget the input.



来源:https://stackoverflow.com/questions/51749854/how-to-get-logs-and-its-data-having-word-error-in-then-and-how-to-configure-l

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!