Hi there. In this article we'll discuss Logstash's installation procedure.
Before getting into the technical details, let's talk about our goals and about Logstash itself.
Imagine a situation where you have a web resource running in production that handles a huge number of users. Let's say there are thousands of users.... Each user has his own id. He can add/delete/update something via this web resource, and you need to know exactly what each user added or removed and at exactly what time. Your web resource logs everything to syslog, for example, and you have megabytes of logs. So, supposedly you develop some application which should know all actions...
In this article we will parse the Apache logs from the previous topic with Logstash.
In a nutshell about the Logstash config format...
A Logstash config consists of three main parts:
The input section can contain several inputs. An input could be stdin, tcp, udp, relp or file. For tests you could use a tcp input and a stdout output like below:
input {
  tcp { port => 3333 codec => json }   # listen on TCP port 3333 and decode each event as JSON
}
output {
  stdout { debug => true }             # print every event to stdout so you can see what arrived
}
Start Logstash with this config and then do the following on another machine:
nc -v your_logstash_machine_addres...
Hi everyone. In this topic I've put grok's regexes. Actually, you can find them on GitHub, but it is convenient, when you are reading about grok, to be able to look at the regexes at that moment.
So, the list of regexes: