elasticsearch - How to extract variables from log file path, test log file name for pattern in Logstash? -

-

i have aws elasticbeanstalk instance logs on s3 bucket.

path logs is:

resources/environments/logs/publish/e-3ykfgdfgmp8/i-cf216955/_var_log_nginx_rotated_access.log1417633261.gz

which translates :

resources/environments/logs/publish/e-[random environment id]/i-[random instance id]/

the path contains multiple logs:

_var_log_eb-docker_containers_eb-current-app_rotated_application.log1417586461.gz _var_log_eb-docker_containers_eb-current-app_rotated_application.log1417597261.gz _var_log_rotated_docker1417579261.gz _var_log_rotated_docker1417582862.gz _var_log_rotated_docker-events.log1417579261.gz _var_log_nginx_rotated_access.log1417633261.gz

notice there's random number (timestamp?) inserted aws in filename before ".gz"

problem need set variables depending on log file name.

here's configuration:

input {         s3 {                 debug => "true"                 bucket => "elasticbeanstalk-us-east-1-something"                 region => "us-east-1"                 region_endpoint => "us-east-1"                 credentials => ["..."]                 prefix => "resources/environments/logs/publish/"                 sincedb_path => "/tmp/s3.sincedb"                 backup_to_dir => "/tmp/logstashed/"                 tags => ["s3","elastic_beanstalk"]                 type => "elastic_beanstalk"         } }  filter {  if [type] == "elastic_beanstalk" {   grok {     match => [ "@source_path", "resources/environments/logs/publish/%{environment}/%{instance}/%{file}<unnecessary_number>.gz" ]   }  } }

in case want extract environment , instance , file name path. in file name need ignore random number. doing right way? full, correct solution this?

another question how can specify fields custom log format particular log file above?

this like: (meta-code)

filter {      if [type] == "elastic_beanstalk" {        if [file_name] begins "application_custom_log" {          grok {              match => [ "message", "%{ip:client} %{word:method} %{uripathparam:request} %{number:bytes} %{number:duration}" ]           }        }         if [file_name] begins "some_other_custom_log" {         ....        }      }     }

how test file name pattern?

for first question, , assuming @source_path contains full path, try:

match => [ "@source_path", "logs/publish/%{notspace:env}/%{notspace:instance}/%{notspace:file}%{number}%{notspace:suffix}" ]

this create 4 logstash field you:

  • env
  • instance
  • file
  • suffix

more information available on grok man page , should test grok debugger.

to test fields in logstash, use conditionals, e.g.

if [field] == "value" if [field] =~ /regexp/

etc.

note it's not necessary grok. can have multiple 'match' arguments, , (by default) stop after hitting first 1 matches. if patterns exclusive, should work you.


Comments

Post a Comment

Popular posts from this blog

python - mat is not a numerical tuple : openCV error -

-
i have write down code showing error ma not getting it: please help: showing mat not numerical tuple: import cv import cv2 capture = cv2.videocapture("j.3gp") while(1): _, frame1 = capture.read() grayimage1 = cv2.cvtcolor(frame1, cv2.color_bgr2gray) _, frame2 = capture.read() grayimage2 = cv2.cvtcolor(frame2, cv2.color_bgr2gray) differenceimage = cv2.absdiff(grayimage1,grayimage2) thresholdimage = cv2.threshold(differenceimage,25,255,cv2.thresh_binary) cv2.imshow("difference image", differenceimage) cv2.imshow("threshold image", thresholdimage) cv2.imshow("image", frame1) k = cv2.waitkey(30) & 0xff error arising : ----------------------------------------------------------------------------------------- traceback (most recent call last): file "desk.py", line 15, in <module> cv2.imshow("threshold image", thresholdimage) typeerror: mat not numerical tuple
Read more

c# - MSAA finds controls UI Automation doesn't -

-
i'm working on automating windows application. i'm using teststack white framework. i've hit problem. program has 'window' object cannot see inside of. white shows no controls inside of it. inspect.exe shows no controls inside of either when running in ui automation mode. if switch inspect msaa see controls inside fine. there anyway me use msaa c# handle on these controls? if can identify msaa functions need, can use p/invoke call them c#. here's example article doing msaa: http://www.codeproject.com/articles/38906/ui-automation-using-microsoft-active-accessibility also, pinvoke.net can used identify iaccessible (msaa) functions: http://www.pinvoke.net/search.aspx?search=iaccessible&namespace=[all] here's answer along lines: msaa com-based? finally, alternative p/invoke, might able use tlbimp.exe create wrapper assembly oleacc.dll, , access msaa functions through it. i'm not sure if works msaa, it's worth try. as e
Read more

wordpress - .htaccess: RewriteRule: bad flag delimiters -

-
pulling hair out on one. have following .htaccess file custom redirects in addition wordpress's default settings. when tested on local wamp server worked fine after moving production i'm not getting rewriterule: bad flag delimiters error in server log , after while site goes down internal server error any appreciated. in advance! <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^rockford_weddings___welcome\.html$ /wedding/ [r=301,l] rewriterule ^blog/?$ /journal/ [r=301,l] rewriterule ^blog/(.*)$ /$1 [r=301,l] rewriterule ^portraitinvestment/?$ /portraitinvestment\.pdf [r=301,l] rewriterule ^weddinginvestment/?$ /weddinginvestment\.pdf [r=301,l] rewriterule ^holidaycards2014/?$ /holidaycards2014\.pdf [r=301,l] </ifmodule> # begin wordpress <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^index\.php$ - [l] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewriterule . /index.php [l] </
Read more