[graylog2] Re: graylog - filebeat logging

Thu, 22 Dec 2016 00:50:23 -0800 

Hi,

I'd recommend matching the timestamp as start of the log entry, e. g. 
"2016-12-05 14:07:45,399" would be matched by "\d{4}-\d{2}-\d{2} 
\d{2}:\d{2}:\d{2},\d{1,3}".

See 
https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html 
for some examples.

Cheers,
Jochen

On Thursday, 22 December 2016 08:53:03 UTC+1, mytempledarkstar wrote:
>
> Hello.
>
>
> I am using filebeat to push data to graylog/elasticsearch.
> Now i am trying to push that type  of information from log file:
>
> 2016-12-05 14:07:45,399 |
> SUCCESS Finished executing sql (8 ms): 7ed3a851-2f36-47a5-ad12-028169d48ae4 
> select distinct
> wp.id,
> wp.a,
> wp.b,
> wp.c,
> wp.d,
> wp.e,
> wp.f,
> pp.g
> from 
> x wp,
> y kp,
> x pp
> where 
> ? between wp.dataa and wp.databb and
> (kp.idparam = ?) and
> ((pp.code = ?)  or (pp.test = 1) and 
> (select distinct
>   count (pp.code)
>  from 
>   a wp,
>   b kp,
>   c pp
>  where 
>   (kp.id = ?) and
>   (pp.code = ?) and
>   (pp.idka = kp.id) and
>   (wp.idd = pp.id)
>   group by pp.code) IS NULL) and
> (pp.code = ?) and
> (pp.idka = kp.id) and
> (wp.idpr = pp.id);
>
> 2016-12-05 14:07:45,410 | INFO  | 
>
>
> 1. approach: I used include_ lines:
> "SUCCESS Finished executing sql \((?:\d+) ms\): (?:[^\r\n]+)\r?\n-- Nazwa 
> wykonywanego pliku sql: (?:[^\r\n]+)\r?\n(.*?)(?:\r?\n\d\d\d\d-\d\d-\d\d 
> \d\d:\d\d:\d\d,\d\d\d|\z"
> 2.approach:
>  multiline:
>      match: after
>      pattern: "SUCCESS Finished executing sql"
>      max_lines: 50
>     paths:
>     - /vlogfile.log
>     scan_frequency: 10s
>     tail_files: false
>
>
>
>
> I have no idea how to catch it with regexsp. 
> I used multilinepatern but that is not working.
> Could You help me how to work with that type of information in log file ?
>
> Graylog 2.1
> Filebeat 5.1
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c29eccbf-619b-491e-a48d-77921aeb2eeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to