Hello.
I am using Filebeat to push data to Graylog/Elasticsearch.
Now I am trying to push this type of information from a log file:
2016-12-05 14:07:45,399 |
SUCCESS Finished executing sql (8 ms): 7ed3a851-2f36-47a5-ad12-028169d48ae4
select distinct
wp.id,
wp.a,
wp.b,
wp.c,
wp.d,
wp.e,
wp.f,
pp.g
from
x wp,
y kp,
x pp
where
? between wp.dataa and wp.databb and
(kp.idparam = ?) and
((pp.code = ?) or (pp.test = 1) and
(select distinct
count (pp.code)
from
a wp,
b kp,
c pp
where
(kp.id = ?) and
(pp.code = ?) and
(pp.idka = kp.id) and
(wp.idd = pp.id)
group by pp.code) IS NULL) and
(pp.code = ?) and
(pp.idka = kp.id) and
(wp.idpr = pp.id);
2016-12-05 14:07:45,410 | INFO |
1. approach: I used include_lines:
"SUCCESS Finished executing sql \((?:\d+) ms\): (?:[^\r\n]+)\r?\n-- Nazwa wykonywanego pliku sql: (?:[^\r\n]+)\r?\n(.*?)(?:\r?\n\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d|\z"
2. approach:
multiline:
  match: after
  pattern: "SUCCESS Finished executing sql"
  max_lines: 50
paths:
  - /vlogfile.log
scan_frequency: 10s
tail_files: false
I have no idea how to catch it with a regex.
I used a multiline pattern, but that is not working.
Could you help me work with this type of information in a log file?
Graylog 2.1
Filebeat 5.1
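
Added example, not part of the original message and not Filebeat's own code: a simplified Python model of how Filebeat's multiline options (`pattern`, `negate`, `match: after`, `max_lines`) group lines, run on a constructed sample in the layout shown above. It assumes every new log entry starts with a timestamp of the form `2016-12-05 14:07:45,399`; the names `group`, `SAMPLE` and `TIMESTAMP` are hypothetical.

```python
import re

# Constructed sample in the layout shown in the post (not real log data).
SAMPLE = """\
2016-12-05 14:07:45,399 | SUCCESS Finished executing sql (8 ms): <query-id>
select distinct
  wp.id
from
  x wp
where
  (wp.idpr = ?);
2016-12-05 14:07:45,410 | INFO | next entry
""".splitlines()

# Assumption: every new entry starts with this timestamp format.
TIMESTAMP = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"


def group(lines, pattern, negate=False, max_lines=500):
    """Simplified model of Filebeat multiline with match: after.

    negate=False: lines matching the pattern continue the previous event.
    negate=True:  lines NOT matching the pattern continue the previous event.
    Lines beyond max_lines in one event are discarded.
    """
    rx = re.compile(pattern)
    events = []
    for line in lines:
        continuation = bool(rx.search(line)) != negate
        if continuation and events:
            if len(events[-1]) < max_lines:
                events[-1].append(line)
        else:
            events.append([line])
    return ["\n".join(e) for e in events]


# Settings from the post: pattern on the SUCCESS text, negate at its default.
posted = group(SAMPLE, "SUCCESS Finished executing sql", max_lines=50)
# Timestamp pattern with negate: true keeps the SQL body with its header line.
fixed = group(SAMPLE, TIMESTAMP, negate=True, max_lines=50)

if __name__ == "__main__":
    print(len(posted), "events with the posted settings")
    print(len(fixed), "events with the timestamp pattern and negate: true")
    print(fixed[0])
```

In Filebeat terms the second call corresponds to setting `pattern` to the timestamp regex with `negate: true` and `match: after` under `multiline`.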