- Download Logstash
- Save the config file below, and change the cluster name for ElasticSearch
- Start Kibana:
java -jar logstash-1.2.1-flatjar.jar web - Start Logstash:
java -jar logstash-1.2.1-flatjar.jar agent -v -f logstash.conf - Open Kibana 3 (the dashboard) on http://localhost:9292
Example config (logstash.conf):
input {
stdin { type => example }
}
output {
elasticsearch {
embedded => true
cluster => "my-cluster-name"
}
}
This project supplies an application which logs extensively, into a file called learning.log. The application is started with mvn jetty:run, and stopped with Ctrl-C.
- Start logstash with the config above, write somthing in the console you are running the logstash agent in, and check that it shows up in Kibana.
- Read the logfile from the application (learning.log). Hint: Use the file-module
- Java prints stacktraces on multiple lines. This should only be one log statement in logstash. Hint: Use the multiline-module
- We want each log part of the logfile (ie. loglevel, class, etc) in a seperate field, and to use the timestamp from each line. Hint: Use grok-module to parse each line
- Use the Grok debugger to create patterns
- We want to strip the DEBUG-messages from the log. Hint: Use drop-module
- Make a histogram in Kibana over the number of exceptions over time
- Make a histogram in Kibana of the average response time. Hint: Use extractnumbers-module