Good day,

I have the following log entry in my JBoss application:

2014-10-23 11:03:38,254 INFO [com.xxxxxxxxxx.cpg.webservice.cellc.xxxxxxxxx] (Thread-34766 (group:HornetQ-client-global-threads-1976177639)) [RESPONSE]-[WSC]-[VendorID=2, TrxId=xxxxxxxx, StanId=xxxxxx]\n
[com.xxxxxx.cpg.webservice.cellc.xxxxx] (Thread-34766 (group:HornetQ-client-global-threads-1976177639)) [RESPONSE]-[WSC]-[xxxxxx=2, TrxId=xxxxxx, StanId=xxxxxx]

I make use of lumberjack to pass the logs to the central server.
My grok config breaks up the file as needed.
Here is the grok layout:

filter {
  if [type] == "jboss" {
    grok {
      match => [message, "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel} %{GREEDYDATA:message}"]
    }
    multiline {
      pattern => "^\D|^$|^\n"
      what => "previous"
    }
    date {
      # 2013-09-23T11:27:14.177+0200
      match => [
        "timestamp", "MMM dd HH:mm:ss","MMM d HH:mm:ss","MMM dd yyyy HH:mm:ss","MMM d yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
      ]
      target => "@timestamp"
      add_field => { "debug" => "timestampMatched"}
    }
  }
}

Here is the Logstash output:

{
  "message" => "2014-10-23 11:56:08,515 INFO [comxxxx.cpg.services.vendor.networking.VendorConnection] (Thread-34876 (group:HornetQ-client-global-threads-1976177639)) ECHO RESULT : SUCCESS\n [com.xxxxx.cpg.services.vendor.networking.VendorConnection] (Thread-34876 (group:HornetQ-client-global-threads-1976177639)) ECHO RESULT : SUCCESS",
  "@version" => "1",
  "@timestamp" => "2014-10-23T09:56:15.140Z",
  "type" => "jboss",
  "file" => "/usr/local/jboss-eap-5.1/jboss-as/server/all-with-hornetq/log/server.log",
  "host" => "xx-xx.xxx.xxx.com",
  "offset" => "114131317",
  "timestamp" => "2014-10-23 11:56:08,515",
}

The problem I have is the timestamp.
I created a timestamp field and mapped the value,
but when I try to graph on the timestamp in Kibana, I get the following error:

Oops! ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]

Is there a way to map the timestamp to @timestamp, or make the timestamp
field I specified able to be seen in the graph?
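
An added example, not part of the original post: a date filter whose pattern matches the JBoss timestamp shown in the output above, so the parsed time is written to @timestamp (a date field, which a histogram can use) instead of staying only in the string-valued timestamp field that the ClassCastException refers to. The time zone is an assumption; the field names are the ones from the posted config.

```logstash
filter {
  if [type] == "jboss" {
    date {
      # Value captured by grok: "2014-10-23 11:56:08,515"
      # (space between date and time, comma before the milliseconds, no zone).
      # The syslog-style "MMM dd ..." patterns and the
      # "yyyy-MM-dd'T'HH:mm:ss.SSSZ" pattern in the posted config
      # cannot match this layout, so @timestamp stays at ingest time.
      match    => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]

      # Assumed zone for a host at UTC+2 (the posted event shows 11:56 local
      # against 09:56Z). The log value carries no offset of its own, so
      # replace this with the zone of the server that wrote the log.
      timezone => "Africa/Johannesburg"

      target   => "@timestamp"

      # These two options are applied only when the parse succeeds.
      add_field    => { "debug" => "timestampMatched" }
      remove_field => [ "timestamp" ]
    }
  }
}
```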