ELK Note (ElasticSearch-Logstash-Kibana)
logstash filter grok
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
logstash filter date
https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
logstash filter translate
https://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html
logstash filter mutate
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html
logstash debug config
.\logstash.bat -f dddd.conf
input {
  stdin {}
}
filter {
  grok {
    match => { "message" => "(\s(?<stock_id>[0-9]{5}))" }
  }
  date {
    locale => "en"
    match => ["message", "YYYY-MM-dd;HH:mm:ss.SSS"]
    timezone => "Europe/Vienna"
    target => "@timestamp"
    add_field => { "debug" => "timestampMatched" }
  }
}
output {
  stdout { codec => "rubydebug" }
}
http://blog.mmlac.com/how-to-pre-process-logs-with-logstash/
logstash timestamp issue fix
http://stackoverflow.com/questions/25156517/logstash-date-parsing-as-timestamp-using-the-date-filter
logstash IISLOG
Logstash config for IIS logs
http://dotnetanalysis.blogspot.tw/2014/11/logstash-config-for-iis-logs.html
URL
http://engineering.laterooms.com/enriching-logs-with-logstash/
.NET + LogParser, like logstash
TimberWinR
Regular Expression Test
http://grokconstructor.appspot.com/do/match#result
HowTo install ELK on Windows Server IIS
https://blog.basefarm.com/blog/how-to-install-logstash-on-windows-server-2012-with-kibana-in-iis/