Logstash-gelf needs logstash installed?


(Andrew) #1

Hi Community,
Probably a stupid question, but I cant decipher the docs. Do I need to install LogStash in order to use the logstash-gelf Input Plugin? Cant I just pipe this directly to Graylog?


(Jan Doberstein) #2

he @h-andrew

can you please describe your wanted flow of messages? What I can decrypt currently from your messages:

Logstash >>> GELF message >>> Graylog

To use Logstash Plugins you need to have a running Logstash, but maybe I just got your intention wrong.


(Andrew) #3

Hi Jan,
Thanks for the reply. My actual goal is to fix a problem whereby my Java Exception Messages are being split. The Java exception stack trace’s " at com.bla.bla.bla.stuff.jar" are being added as an individual line. When I search for a solution, this “logstash-gelf” add-on and its log4j appender seems to be the most popular solution. My current pipeline is JavaApplicationLogFile.log >> filebeat(sidecar) >> GraylogServer.

I am hoping for an easier solution than installing logstash. Maybe an extractor with multiline and regex? I havent been able to find much on that one.


(Jan Doberstein) #4

He @h-andrew

yes when you have filebeat reading the multi line logfile the best solution would be to use a multiline regex to read those messages as one.

Depending how your logfile is structured something like:

multiline.pattern: '^\['
multiline.negate: true
multiline.match: after

is enough to be configured to have your problem solved.


(Andrew) #5

Thanks Jan. This helps a lot.


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.