I have some log files created by Log4J2 . I output logs to a .json file using JSONLayout in the log4j2.xml configuration file. My JSONLayout is defined as follows:
<JSONLayout complete="false"></JSONLayout>
When the logs are written to the log file on my machine, they are added one after another and look like this in logs.log:
{
"logger":"com.mycompany.myLogger",
"timestamp":"1396792374326",
"level":"ERROR",
"thread":"pool-2-thread-2",
"message":"System: unable to perform action",
"throwable":"java.lang.NullPointerException\\n\tat com.myCompany.MyClass $.java:432)\\n\tat java.lang.Thread.run(Thread.java:744)\\n"
},
I am trying to structure this JSON so that I can query it from ElasticSearch. During this process, I try to add a custom field for ALL records. For this, I use the following:
input {
file {
type => "json"
path => "/var/logs/myApp/logs.log"
}
}
filter {
json {
add_tag => [ "HardcodedTagName"]
source => "message"
}
}
output {
elasticsearch {
protocol => "http"
codec => "json"
host => "[myServerAddress]"
port => "9200"
}
}
Oddly enough, my custom NEVER tag seems to be added. At the same time, I would really like to pry my JSON into the fields that I can request in ElasticSearch. What I would like to request is clearly available. It:
, . JSON Kibana, - :
{
"_index": "logstash-2014.04.07",
"_type": "json",
"_id": "tG-s6-5pSnq5HZwLhM6Dxg",
"_score": null,
"_source": {
"message": " \"message\":\"System: unable to perform action\"\r",
"@version": "1",
"@timestamp": "2014-04-07T18:01:38.739Z",
"type": "json",
"host": "ip-MyipAddress",
"path": "/var/logs/myApp/logs.log"
},
"sort": [
1396893698739,
1396893698739
]
}
, , . . , Log4J, . !