All geek questions in one place

Kibana + Logstash + exceptions for elastic groups using stacktrace

At the moment, I have installed logstashed and see all the [ERROR] and stacktraces messages in Kibana.

However, I would like to group my exceptions using my stacks to see only unique exceptions. For example, I have 2 different NullPointerException exceptions from different classes / lines of code and 1 IllegalArgumentException. These exceptions are repeated in magazines several times, and I see all cases in Kiban.

What I would like to see, something like this

  • NullPointerException + trace - thwwn 78 times.
  • Other NullPointerException + trace - selected 112 times.
  • IllegalArgumentException + trace - selected 991 times.

This is how fabric.io works for mobile crashes / issues. Can I do something like this?

+4
source share
1 answer

The way we did this was to configure the visualization of the data table with a query for terms in the field containing the stack. Keep in mind, however, that for aggregation in the .raw version of your field, otherwise you will see an analyzed (e.g. split) version of stacktraces, which is not what you want.

The second problem I encountered is the maximum size of the text that will be used for the term filter (unfortunately, I can not find the documents for this). Anything more than this is simply excluded from aggregation. I worked on this by creating an extra field containing the first 200 characters of the stacktrace, which I then use for aggregation.

    grok {
        match => [ "exceptionTxt","(?<exceptionTxtShort>^.{0,200})"]
    }

, . - / , .

+1

Source: https://habr.com/ru/post/1612624/

More articles:


All Articles