Read logs and display them in an understandable way using Logstash, Kibana - PullRequest
0 votes
/ 17 March 2020

I am new to Logstash and to the ELK stack in general. I have a log file with content as shown below

Feb 25 01:00:10 DELHI_XXX_XXX_01 XXX2076: 2076 6.0 Record Type = INFO # Error ID = 981102 : SAS discovery occurred, configuration changes pending # Error Code =  # System Name = DELHI_XXX_XXX_01 # Error Sequence Number = 2090 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a0403a47 # Copy ID =
Feb 25 01:00:10 DELHI_XXX_XXX_01 XXX2076: 2076 6.0 Record Type = INFO # Error ID = 981103 : SAS discovery occurred, configuration changes complete # Error Code =  # System Name = DELHI_XXX_XXX_01 # Error Sequence Number = 2091 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a0403a47 # Copy ID =
Feb 25 01:00:11 DELHI_XXX_XXX_01 XXX2076: 2076 6.7 Record Type = INFO # Machine Type = 2076124 # Serial Number = 78N2A5P # Error ID = 981102 : SAS discovery occurred, configuration changes pending # Error Code =  # System Version = 7.8.1.4 (build 135.5.1712071656000) # FRU = None  # System Name = DELHI_XXX_XXX_01 # Node ID = 2 # Error Sequence Number = 13805 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a021f294 # Copy ID =   # Additional Data (0 -> 63) = 01020000A1ED00000300000086000000430043000000000000000000000000000303030040004000400000000000000000000000000000000000000000000000 # Additional Data (64 -> 127) = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 # Machine Part Number =
Feb 25 01:00:11 DELHI_XXX_XXX_01 XXX2076: 2076 6.7 Record Type = INFO # Machine Type = 2076124 # Serial Number = 78N2A5P # Error ID = 119397 : SAS discovery occurred, configuration changes complete # Error Code =  # System Version = 7.8.1.4 (build 135.5.1712071656000) # FRU = None  # System Name = DELHI_XXX_XXX_01 # Node ID = 3 # Error Sequence Number = 13806 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a021f294 # Copy ID =   # Additional Data (0 -> 63) = 01020000AAED00000300000086000000430043000000000000000000000000000303030040004000400000000000000000000000000000000000000000000000 # Additional Data (64 -> 127) = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 # Machine Part Number =
Feb 25 01:00:14 DELHI_XXX_XXX_03 XXX9848: # timestamp = Tue Feb 25 01:00:14 2020 # cluster_user = admin # source_panel = 01-2 # target_panel = 01-1 # ssh_ip_address = 127.0.0.1 # result = success # res_obj_id = none # command = satask # action = cpfiles # action_cmd = cpfiles -prefix /dumps/svc.config.cron.*_78E05VW-2 -source 01-2 01-1
Feb 25 01:00:15 DELHI_XXX_XXX_05 XXX9848: # timestamp = Tue Feb 25 01:00:15 2020 # cluster_user = admin # source_panel = 01-2 # target_panel = 01-1 # ssh_ip_address = 127.0.0.1 # result = success # res_obj_id = none # command = satask # action = cpfiles # action_cmd = cpfiles -prefix /dumps/svc.config.cron.*_78E05VX-2 -source 01-2 01-1

I would need to parse the data and display it in Kibana in an understandable way, as shown below

log_time          record_type  error_message                                            System_Name
Feb 25 01:00:10   INFO         SAS discovery occurred, configuration changes complete   DELHI_XXX_XXX_01
Feb 25 01:00:14   ERROR        SAS discovery occurred, configuration changes complete   DELHI_XXX_XXX_02

Below is my logstest1.conf file

input {
  file {
    path => "/var/log/messages*"
    start_position => "beginning"
    # "NULL" is not special to Logstash: it would create a real sincedb file named NULL.
    # /dev/null disables the position database, so the file is re-read from the
    # beginning on every restart (fine for testing, not for production).
    sincedb_path => "/dev/null"
  }
}
# There is no "txt" filter plugin; the closest to what was attempted is csv,
# whose option is spelled "separator". Left commented out as in the original.
#filter {
#  csv {
#    separator => "#"
#    columns => ["record_type","notification_name","error_code","system_name","err_seq_number","time_stamp", "obj_type", "obj_id", "obj_name", "cluster_name", "copy_id"]
#  }
#}
output {
  elasticsearch {
    hosts => "http://10.10.10.10:9200"
    index => "sample_log_index"
  }
  stdout {}
}

Please help with how to achieve this.
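The records in the question are a syslog-style header ("Feb 25 01:00:10 host program:") followed by "Key = value" pairs separated by "#", so neither a csv filter nor a fixed column list fits them. The following is an added example, not code from the question or from any Logstash plugin: a stand-alone Python parser that does the same split a grok filter (on the header) plus a kv filter (on the body) would do in Logstash, and produces the four columns requested in the table. The three sample lines are copied from the question; the field names it emits (log_time, record_type, error_message, system_name, and the lowercased, underscore-joined keys) and the "AUDIT" label it assigns to the XXX9848 records, which carry no Record Type of their own, are this example's assumptions.

```python
import re
from datetime import datetime

# Sample records copied from the question: a 6.0 event record, a 6.7 event record
# with the longer layout, and an audit record from the XXX9848 program.
SAMPLE_LINES = [
    "Feb 25 01:00:10 DELHI_XXX_XXX_01 XXX2076: 2076 6.0 Record Type = INFO # Error ID = 981102 : SAS discovery occurred, configuration changes pending # Error Code =  # System Name = DELHI_XXX_XXX_01 # Error Sequence Number = 2090 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a0403a47 # Copy ID =",
    "Feb 25 01:00:11 DELHI_XXX_XXX_01 XXX2076: 2076 6.7 Record Type = INFO # Machine Type = 2076124 # Serial Number = 78N2A5P # Error ID = 119397 : SAS discovery occurred, configuration changes complete # Error Code =  # System Version = 7.8.1.4 (build 135.5.1712071656000) # FRU = None  # System Name = DELHI_XXX_XXX_01 # Node ID = 3 # Error Sequence Number = 13806 # Timestamp = Tue Feb 25 01:00:01 2020 # Object Type = iogroup # Object ID = 0 # Object Name = io_grp0 # Cluster Alias = 0x200a021f294 # Copy ID =   # Additional Data (0 -> 63) = 01020000AAED00000300000086000000430043000000000000000000000000000303030040004000400000000000000000000000000000000000000000000000 # Additional Data (64 -> 127) = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 # Machine Part Number =",
    "Feb 25 01:00:14 DELHI_XXX_XXX_03 XXX9848: # timestamp = Tue Feb 25 01:00:14 2020 # cluster_user = admin # source_panel = 01-2 # target_panel = 01-1 # ssh_ip_address = 127.0.0.1 # result = success # res_obj_id = none # command = satask # action = cpfiles # action_cmd = cpfiles -prefix /dumps/svc.config.cron.*_78E05VW-2 -source 01-2 01-1",
]

# Syslog-style header shared by every line: "<Mon dd HH:MM:SS> <host> <program>: <body>"
HEADER_RE = re.compile(
    r"^(?P<log_time>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^:\s]+): (?P<body>.*)$"
)
# Event records carry a numeric product id and event class ("2076 6.0") before the first key.
EVENT_PREFIX_RE = re.compile(r"^(?P<product>\d+) (?P<event_class>\d+\.\d+) (?P<rest>.*)$")

COLUMNS = ("log_time", "record_type", "error_message", "system_name")


def parse_kv(body):
    """Split 'Key = value # Key = value' into a dict.

    Keys are lowercased and non-alphanumerics collapsed to '_' (assumed naming, so
    they are usable as Kibana field names); empty values become None. Values are
    assumed not to contain '#' themselves, which holds for the sample lines."""
    fields = {}
    for chunk in body.split("#"):
        if "=" not in chunk:
            continue                      # leading empty chunk in audit records
        key, _, value = chunk.partition("=")   # split on the first '=' only
        key = re.sub(r"[^a-z0-9]+", "_", key.strip().lower()).strip("_")
        if key:
            fields[key] = value.strip() or None
    return fields


def parse_line(line):
    """Parse one log line into a flat event dict (what a grok + kv pipeline would emit)."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if not m:
        raise ValueError("unrecognised line: %r" % line)
    event = {"log_time": m["log_time"], "host": m["host"], "program": m["program"]}
    body = m["body"]
    pm = EVENT_PREFIX_RE.match(body)
    if pm:
        event["product"], event["event_class"], body = pm["product"], pm["event_class"], pm["rest"]
    fields = parse_kv(body)
    # "Error ID = 981102 : SAS discovery ..." carries both the numeric id and the text.
    if fields.get("error_id") and " : " in fields["error_id"]:
        eid, _, msg = fields["error_id"].partition(" : ")
        fields["error_id"], fields["error_message"] = eid.strip(), msg.strip()
    event.update(fields)
    # Audit records have no Record Type; label them (assumed value) so one field filters both kinds.
    if "record_type" not in event:
        event["record_type"] = "AUDIT" if "cluster_user" in fields else None
    # Prefer the System Name field; fall back to the syslog host (audit records lack the field).
    event["system_name"] = fields.get("system_name") or m["host"]
    if fields.get("timestamp"):
        # "Tue Feb 25 01:00:01 2020" -> ISO 8601, which Elasticsearch maps as a date
        event["timestamp"] = datetime.strptime(fields["timestamp"], "%a %b %d %H:%M:%S %Y").isoformat()
    return event


def to_rows(lines):
    """The table from the question: one (log_time, record_type, error_message, system_name) per line."""
    return [tuple(parse_line(l).get(c) for c in COLUMNS) for l in lines if l.strip()]


if __name__ == "__main__":
    fmt = "%-16s %-12s %-56s %s"
    print(fmt % COLUMNS)
    for row in to_rows(SAMPLE_LINES):
        print(fmt % tuple(v or "" for v in row))
```

In Logstash the same split is a grok filter matching the header into log_time, host, program and a body field, a kv filter on the body with field_split "#", value_split "=" and trim_key/trim_value set to " ", and a date filter on the Timestamp field so Kibana can use it as the time axis. Keep the audit fields (cluster_user, ssh_ip_address, command, action_cmd, result) as separate keyword fields rather than burying them in the message: those lines record who ran which command on the cluster and over which connection, which is exactly what you would want to filter and alert on.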

...