I have the following text/log file:
2021-06-26 16:56:50,415 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 82) WFLYUT0022: Unregistered web context: '/PowerCardv35' from server 'default-server'
2021-06-26 16:56:54,046 INFO [io.undertow.servlet] (ServerService Thread Pool -- 83) Destroying Spring FrameworkServlet 'spring'
2021-06-26 16:56:54,090 INFO [io.undertow.servlet] (ServerService Thread Pool -- 83) Closing Spring root WebApplicationContext
2021-06-26 16:56:54,356 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0028: Stopped deployment v3_31-web.war (runtime-name: v3_31-web.war) in 314ms
2021-06-26 16:57:54,103 INFO [io.undertow.servlet] (ServerService Thread Pool -- 93) Initializing Spring root WebApplicationContext
2021-06-26 16:59:32,862 INFO [stdout] (ServerService Thread Pool -- 93) 2021-06-26 16:59:32,858 INFO [ServerService Thread Pool -- 93] serviceimpl.Pwc_time_zoneServiceImpl (Pwc_time_zoneServiceImpl.java:54) - PowerCardV3 : Operation:get_time_zone , USER : , SessionID :null , RemoteAddress:null
2021-06-26 16:59:32,887 INFO [stdout] (ServerService Thread Pool -- 93) jdbc/PWCCFGDS
2021-06-26 16:59:33,023 INFO [stdout] (ServerService Thread Pool -- 93) Database's time zone: +00:00
2021-06-26 16:59:33,025 INFO [io.undertow.servlet] (ServerService Thread Pool -- 93) Initializing Spring DispatcherServlet 'spring'
2021-06-26 17:00:23,620 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 93) WFLYUT0021: Registered web context: '/v3_31-web' for server 'default-server'
2021-06-26 17:06:56,923 INFO [stdout] (default task-1) 2021-06-26 17:06:56,922 INFO [default task-1] serviceimpl.AuthentificationServiceImpl (AuthentificationServiceImpl.java:111) - PowerCardV3 : Operation authentificationService , USER :ISS001
2021-06-26 17:07:05,313 INFO [stdout] (default task-1) 2021-06-26 17:07:05,311 INFO [default task-1] serviceimpl.AuthentificationServiceImpl (AuthentificationServiceImpl.java:183) - PowerCardV3 : Authentication failed , USER :ISS001 , SessionID :hWayqQ7vMhUV4rOBvLCelwC8v0DIMLHb0X0u9vjX , RemoteAddress:172.18.0.1
2021-06-26 17:07:05,689 INFO [stdout] (default task-1) 2021-06-26 17:07:05,683 ERROR [default task-1] errorhandling.BasicErrorHandlingAdvice (BasicErrorHandlingAdvice.java:94) - [org.fornax.cartridges.sculptor.framework.errorhandling.UnexpectedRuntimeException] : Bad credentials
2021-06-26 17:07:05,690 INFO [stdout] (default task-1) org.springframework.security.authentication.BadCredentialsException: Bad credentials
2021-06-26 17:07:05,690 INFO [stdout] (default task-1) at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:93)
2021-06-26 17:07:05,696 INFO [stdout] (default task-1) at com.sun.proxy.$Proxy293.authentificationService(Unknown Source)
I would like to display my index as a simple table. But in this use case, a section of the line is reliably repeated, but the entire line is not.
To deconstruct the section of the line that is repeated, I used the Dissect filter like this:
input {
  file {
    path => "/home/ahmed/Bureau/archive/dissect.txt"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  dissect {
    mapping => {
      "message" => "%{date} %{time} %{loglevel} [%{package}]"
    }
  }
}
output {
  elasticsearch {
    hosts => "http://localhost:9200"
  }
  stdout {}
}
But I don't know how I can use the Grok filter to process the remaining line values.
Any help, please? Or any suggestions for my filter section?
If someone could write my filter section completely, I would be very grateful, because I'm just a beginner in ELK.
Thanks in advance.
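
An added example, not part of the original post: one possible filter section that keeps Dissect for the fixed prefix and uses Grok only on the variable tail, so the authentication fields become columns. It assumes the lines are laid out exactly as in the sample above; the field names `thread`, `rest`, `operation`, `user`, `session_id`, `remote_address` and `log_timestamp` and the tag `auth_failure` are names chosen for this example.

```logstash
filter {
  # Fixed prefix shared by every line; the variable tail is kept in "rest"
  # (hypothetical field name) for the grok step below.
  dissect {
    mapping => {
      "message" => "%{date} %{time} %{loglevel} [%{package}] (%{thread}) %{rest}"
    }
  }

  # Only some application lines carry USER / SessionID / RemoteAddress.
  # The trailing group is optional because the sample shows lines that
  # stop after USER. Empty captures (e.g. "USER : ,") are dropped by grok.
  grok {
    match => {
      "rest" => "PowerCardV3\s*:\s*%{DATA:operation}\s*,\s*USER\s*:\s*%{DATA:user}(?:\s*,\s*SessionID\s*:\s*%{DATA:session_id}\s*,\s*RemoteAddress\s*:\s*%{DATA:remote_address})?\s*$"
    }
    # Most lines do not match this pattern; do not tag them as failures.
    tag_on_failure => []
  }

  # Make failed logins easy to filter on in a table or an alert rule.
  if [operation] == "Authentication failed" {
    mutate { add_tag => ["auth_failure"] }
  }

  # Use the log's own time as @timestamp instead of the ingestion time.
  if "_dissectfailure" not in [tags] {
    mutate { add_field => { "log_timestamp" => "%{date} %{time}" } }
    date {
      match => ["log_timestamp", "yyyy-MM-dd HH:mm:ss,SSS"]
      remove_field => ["log_timestamp"]
    }
  }
}
```

Because the sample lines carry no time zone, the `date` filter interprets them in the Logstash host's zone unless its `timezone` option is set.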