Hello.
I am using filebeat to push data to graylog/elasticsearch.
Now i am trying to push that type of information from log file:
2016-12-05 14:07:45,399 |
SUCCESS Finished executing sql (8 ms): 7ed3a851-2f36-47a5-ad12-028169d48ae4
select distinct
wp.id,
wp.a,
wp.b,
wp.c,
wp.d,
wp.e,
wp.f,
pp.g
from
x wp,
y kp,
x pp
where
? between wp.dataa and wp.databb and
(kp.idparam = ?) and
((pp.code = ?) or (pp.test = 1) and
(select distinct
count (pp.code)
from
a wp,
b kp,
c pp
where
(kp.id = ?) and
(pp.code = ?) and
(pp.idka = kp.id) and
(wp.idd = pp.id)
group by pp.code) IS NULL) and
(pp.code = ?) and
(pp.idka = kp.id) and
(wp.idpr = pp.id);
2016-12-05 14:07:45,410 | INFO |
1. approach: I used include_ lines:
"SUCCESS Finished executing sql \((?:\d+) ms\): (?:[^\r\n]+)\r?\n-- Nazwa
wykonywanego pliku sql: (?:[^\r\n]+)\r?\n(.*?)(?:\r?\n\d\d\d\d-\d\d-\d\d
\d\d:\d\d:\d\d,\d\d\d|\z"
2.approach:
multiline:
match: after
pattern: "SUCCESS Finished executing sql"
max_lines: 50
paths:
- /vlogfile.log
scan_frequency: 10s
tail_files: false
I have no idea how to catch it with regexsp.
I used multilinepatern but that is not working.
Could You help me how to work with that type of information in log file ?
Graylog 2.1
Filebeat 5.1
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a1dcd9f2-b246-4e02-9857-06ebd315bd79%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
