Created
January 26, 2016 07:15
-
-
Save LexxFedoroff/587dc4eddf2e2416220a to your computer and use it in GitHub Desktop.
Logstash config for Cassandra logs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| path => "/var/log/cassandra/system.log" | |
| #start_position => "beginning" | |
| } | |
| #stdin { } | |
| } | |
| filter { | |
| multiline { | |
| pattern => "^(INFO|WARN|ERROR)" | |
| what => "previous" | |
| negate=> true | |
| } | |
| grok { | |
| match => [ "message", "%{LOGLEVEL:level} %{DATA} %{TIMESTAMP_ISO8601:logdate} %{DATA} - %{GREEDYDATA:text}" ] | |
| } | |
| date { | |
| match => [ "logdate", "yyyy-MM-dd HH:mm:ss,SSSS" ] | |
| } | |
| mutate { | |
| add_field => { | |
| "subsystem" => "cassandra" | |
| } | |
| } | |
| } | |
| output { | |
| #stdout { codec => rubydebug } | |
| elasticsearch { | |
| hosts => ["elastic.local:9200"] | |
| index => "cassandra-%{+YYYY.MM.dd}" | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Getting Error :
{:type=>"filter", :name=>"multiline", :path=>"logstash/filters/multiline", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:226:in
namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:162:inlegacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:138:inlookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:180:inlookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:140:inlookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:103:inplugin'", "(eval):12:ininitialize'", "org/jruby/RubyKernel.java:1079:ineval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:75:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:165:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:286:increate_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:95:inregister_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:313:inexecute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:inrun'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:204:inrun'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:inrun'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}[2017-11-01T06:09:07,990][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Couldn't find any filter plugin named 'multiline'. Are you sure this is correct? Trying to load the multiline filter plugin resulted in this error: Problems loading the requested plugin named multiline of type filter. Error: NameError NameError"}