Merhaba Abhiman If you are having trouble making heka work, I recommend you do some "bottom-up" debugging to check every stage, from input to output. At the very least: - is ´heka-logstreamer -config=/etc/heka/test.toml´ yielding the expected output? If it does not show what you want, iterate the config by adjusting the regex - what does the RstEncoder+LogOutput show? If it does not show what you want, iterate the config by adjusting the msg matcher
Provided hekad is not wedged, the DashboardOutput also provides a nice and easy to read overview [0]. I am also a bit confused by your use of the translation maps but I do not have all the details so there may be a legit use for it. I usually just expand the captured group in the differentiator setting of Logstreamer. Please check the Verifying Settings section of the docs [1] as well as the RstEncoder+LogOutput combo [2]. HTH [0] http://hekad.readthedocs.org/en/latest/config/outputs/dashboard.html [1] http://hekad.readthedocs.org/en/latest/pluginconfig/logstreamer.html [2] http://hekad.readthedocs.org/en/latest/config/encoders/rst.html<div id="DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br /> <table style="border-top: 1px solid #aaabb6;"> <tr> <td style="width: 470px; padding-top: 20px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Este correo electrónico se ha enviado desde un equipo libre de virus y protegido por Avast. <br /><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail"; target="_blank" style="color: #4453ea;">www.avast.com</a> </td> </tr> </table> <a href="#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div> On Wed, Apr 6, 2016 at 11:08 AM, Abhiman <[email protected]> wrote: > I want to upload multiple files(which are non sequential) simultaneously > using Heka. The files are conn.log, http.log, dhcp.log, dnp3.log, ftp.log, > dns.log. I am trying with the following code > > [networklogs] > Type = "LogstreamerInput" > log_directory = "/opt/bro/logs/current" > file_match= '(?P<Year>\d+)\.log' > priority=["Year"] > decoder="Json" > > [networklogs.translation.Year] > conn = 1 > dhcp = 2 > dnp3 = 3 > dns = 4 > ftp = 5 > http = 6 > > [Json] > type = "SandboxDecoder" > filename = "lua_decoders/json.lua" > > [Json.config] > type = "raw.bro" > debug = false > > > [ESJsonEncoder] > index = "test_2" > type_name = "one" > > > [ElasticSearchOutput] > message_matcher = "TRUE" > server = "http://localhost:9200"; > encoder = "ESJsonEncoder" > > but it's not working. When I am trying with only one file, I am succeeding > but for multiple files, no luck. > > Regards, > > --------------------------------------------------------------------------------------------- > > Abhiman | Analyst > > M: +91 8004274160 | www.tcg-digital.com > > > _______________________________________________ > Heka mailing list > [email protected] > https://mail.mozilla.org/listinfo/heka > -- "If you want to go fast, go alone. If you want to go far, go together." _______________________________________________ Heka mailing list [email protected] https://mail.mozilla.org/listinfo/heka
