Installing Logstash

To install Logstash:

  1. Download its ZIP package from https://www.elastic.co/downloads/logstash.
  2. Unzip the package.

In the case of Logstash, simply downloading and running it will not suffice. We must configure it to understand the structure of our Spring log file. We do this by creating a Logstash configuration file. A Logstash config file contains three critical sections. These are the input, filter, and output sections. Each section sets up plugins that play a role in the processing of log files. Create a logstash.conf file in a suitable directory and add the following code to it:

input {
  file {
    type => "java"
    path => "/<path-to-project>/place-reviewer/application.log"
    # Lines that do not start with a timestamp are joined to the previous event.
    codec => multiline {
      pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
      negate => "true"
      what => "previous"
    }
  }
}

filter {
  # Tag log lines containing a tab character followed by 'at' as stacktrace.
  if [message] =~ "\tat" {
    grok {
      match => ["message", "^(\tat)"]
      add_tag => ["stacktrace"]
    }
  }

  # Grok Spring Boot's default log format.
  # Spring Boot pads the log level, hence \s+ after the timestamp.
  grok {
    match => [ "message",
               "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})\s+%{LOGLEVEL:level} %{NUMBER:pid} --- \[(?<thread>[A-Za-z0-9-]+)\] [A-Za-z0-9.]*\.(?<class>[A-Za-z0-9#_]+)\s*:\s+(?<logmessage>.*)",
               "message",
               "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})\s+%{LOGLEVEL:level} %{NUMBER:pid} --- .+? :\s+(?<logmessage>.*)"
             ]
  }

  # Parse the timestamp field into the event's timestamp.
  date {
    match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
  }
}

output {
  # Print each event to stdout and enable rubydebug.
  stdout {
    codec => rubydebug
  }
  # Send parsed log events to Elasticsearch.
  elasticsearch {
    hosts => ["127.0.0.1"]
  }
}

Explaining what all plugins in the preceding code snippet do is beyond the scope of this book. Comments have been added where necessary to facilitate a better understanding. Change path in the file plugin of the input section to the absolute path of the Place Reviewer application's application.log file.
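To check what the multiline codec and the two grok expressions do to a Spring Boot log before pointing Logstash at the real file, the following added example (not from the book and not Logstash code) approximates them in Python. The regexes standing in for the grok macros, the function names merge_multiline and parse, and the sample lines are assumptions made for illustration.

```python
import re

# Simplified stand-ins for the grok macros (assumption: the real %{YEAR},
# %{TIME}, %{LOGLEVEL} and %{NUMBER} patterns accept more forms than these).
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}"
HEAD = rf"(?P<timestamp>{TS})\s+(?P<level>[A-Z]+) (?P<pid>\d+) --- "
STARTS_EVENT = re.compile(rf"^{TS}.*")      # the multiline codec pattern
STACK_LINE = re.compile(r"^(\tat)", re.M)   # re.M: '^' also matches after a newline
SPRING = [                                   # the two grok expressions, in order
    re.compile(HEAD + r"\[(?P<thread>[A-Za-z0-9-]+)\] [A-Za-z0-9.]*\."
                      r"(?P<class>[A-Za-z0-9#_]+)\s*:\s+(?P<logmessage>.*)"),
    re.compile(HEAD + r".+? :\s+(?P<logmessage>.*)"),
]

def merge_multiline(lines):
    """negate => true, what => previous: a line that does not start with a
    timestamp is appended to the event before it."""
    events = []
    for line in lines:
        if STARTS_EVENT.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def parse(event):
    """Apply the stacktrace tag and the grok patterns to one merged event."""
    fields = {"tags": ["stacktrace"] if STACK_LINE.search(event) else []}
    for rx in SPRING:
        m = rx.search(event)
        if m:
            fields.update(m.groupdict())
            return fields
    fields["tags"].append("_grokparsefailure")  # Logstash's tag when grok finds no match
    return fields

# Constructed sample in Spring Boot's default layout (not from a real log).
SAMPLE = [
    "2024-05-01 10:15:30.123  INFO 4242 --- [           main] c.e.p.Application        : Started Application",
    "2024-05-01 10:15:31.456 ERROR 4242 --- [nio-8080-exec-1] c.e.p.ReviewController   : Lookup failed",
    "java.lang.IllegalStateException: no such review",
    "\tat com.example.placereviewer.ReviewController.find(ReviewController.java:42)",
]

if __name__ == "__main__":
    for ev in map(parse, merge_multiline(SAMPLE)):
        print(ev)
```

The first sample line has a space-padded thread name, so only the second, looser expression matches it and the event carries no thread or class field. The stack trace lines end up inside the ERROR event rather than becoming events of their own.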

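Once done with the Logstash configuration file, run Logstash from the unzipped Logstash directory with the following command (give the full path to logstash.conf if you created it elsewhere):

bin/logstash -f logstash.conf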

Logstash should begin stashing log events if things were configured properly. The last thing on our agenda is to configure Kibana to read the stashed data.
