Youshould convert the format to something like JSON, and the on the LogStash
receiver you read it in using the json_lines codec.
Sent from my iPhone
> On 1/10/2014, at 5:35 am, Daniel Zorab <daniel.zo...@derivco.co.uk> wrote:
>
> Hi
>
> I am attempting to create a proof of concept for visualizing log files by
> leveraging nxlog -> logstash -> elasticsearch -> kibana. I am having issues
> at the stage of filling up logtstash with information from a text log file
> using nxlog and in particular the multiline portions of the log file.
>
> I am using a Windows 7 x64 VM as a test machine with all the services and
> applications localized to this VM.
>
> I have been able to send log file (single line) entries successfully from the
> log file using nxlog through to logstash which then parses and stores each
> event as it should. The issue comes in when attempting to support/send
> multline entries through to logstash which is producing some inconsistent
> results. (If I send through each as a single line it works fine but obviously
> the multiline log entries get stored into their own event) .Basically it
> looks like it is sending several single line entries and logstash is viewing
> them as one single event (as per debugoutput.txt eg: line 77 ->154 ) which
> can be compared against the input of SampleLog.txt
>
> If using logstash on its own (no nxlog involvement) it is able to parse and
> read multiline and single line inputs absoluytely fine as per the and the
> logtash config file : Logstash.conf.
> I have tried out multiple scenarios in the nxlog config by enabling/disabling
> the xm_multiline module and utlising the HeaderLine and EndLine. I have also
> tried disabling the multline config portion of the logtstash unto no avail.
>
> Could anyone shed some more light on this issue or have I misunderstood how
> to utilise the config for nxlog?
>
> Regards
> Daniel
> <Logstash.conf.txt>
> <nxlog.conf.txt>
> <rubydebug output.txt>
> <SampleLog.txt>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
