Probably a stupid question, but I cant decipher the docs. Do I need to install LogStash in order to use the logstash-gelf Input Plugin? Cant I just pipe this directly to Graylog?
can you please describe your wanted flow of messages? What I can decrypt currently from your messages:
Logstash >>> GELF message >>> Graylog
To use Logstash Plugins you need to have a running Logstash, but maybe I just got your intention wrong.
Thanks for the reply. My actual goal is to fix a problem whereby my Java Exception Messages are being split. The Java exception stack trace’s " at com.bla.bla.bla.stuff.jar" are being added as an individual line. When I search for a solution, this “logstash-gelf” add-on and its log4j appender seems to be the most popular solution. My current pipeline is JavaApplicationLogFile.log >> filebeat(sidecar) >> GraylogServer.
I am hoping for an easier solution than installing logstash. Maybe an extractor with multiline and regex? I havent been able to find much on that one.
yes when you have filebeat reading the multi line logfile the best solution would be to use a multiline regex to read those messages as one.
Depending how your logfile is structured something like:
multiline.pattern: '^\[' multiline.negate: true multiline.match: after
is enough to be configured to have your problem solved.
Thanks Jan. This helps a lot.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.