Whole log analysis

Hey,

So I’m a bit of a newbie at this, so forgive me if I’m talking nonsense.
I want to analyze my app log files.
Now, all examples I’m seeing here and on the web describe how to send events to Graylog, but they all talk about sending individual lines as events (or sometimes multiline like an exception).
Now, making sense of a one line event is not very clear to me.

For example, I have a line in my log at the beginning stating the app version. Then later there will be a line about some procedure failing.
I don’t just want to capture the failure line, I want to know on what version it failed?
From what I see, I don’t see a way to correlate these 2 matches. Right?
Does all log analytics software deal with log analysis on a per line basis? Because it looks to me for my purposes, I need to analyze the entire log file. Right? Or am I missing something?

Hello and welcome,

Maybe I can help, but before I can help you I need to ask you some questions first.
Do you have Graylog set up? If so, could you tell us what version you have and what type of installation you installed?

What kind of log shipper are you using or want to use (i.e., graylog-sidecar, FileBeat, nxlog, etc…)?
The app you stated, is this on Linux or Windows?

Hey. Sure 🙂
So, I have Graylog installed.
Here is the version string: “Graylog 4.0.7+c3e766c on 245bd303f3e7 (Oracle Corporation 1.8.0_292 on Linux 4.15.0-20-generic)”
I’m using Filebeat for log shipping. Minimal configuration.
App is on Linux.
