Logstash Configuration for Parsing Logs

In this section, we will use Logstash to parse a file that contains different types of logs, putting the knowledge gained in this chapter into practice. We will use custom grok patterns to parse the data, as per our requirements.

Let's have a look at the data.

The log file contains millions of records, a combination of Tomcat logs and Catalina logs. It also contains application exceptions, errors, and stack trace messages, with log events at various log levels, such as INFO, WARN, ERROR, DEBUG, and FATAL.

Sample Catalina logs

Have a look at the following logs:

 Mar 10, 2016 10:04:37 PM org.apache.catalina.startup.Catalina load INFO: ...
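The following is an added example, not code from the book: a Python sketch of the two steps a Logstash pipeline performs on this kind of file, grouping stack trace lines with the event that produced them and then extracting fields the way a custom grok pattern would. The field names, the helper names, and the sample messages are assumptions constructed for illustration; only the timestamp, class, and method layout comes from the sample line above.

```python
import re
from datetime import datetime

# Timestamp layout taken from the sample Catalina line on this page.
STAMP = r"[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M"
# A line that begins with a timestamp opens a new event; any other line
# (level line, exception, "\tat ..." frame) continues the previous event.
EVENT_START = re.compile("^" + STAMP + " ")
# Regex counterpart of a custom grok pattern; field names are assumptions.
CATALINA = re.compile(
    r"^(?P<timestamp>" + STAMP + r") (?P<class>[\w.$]+) (?P<method>\S+)\s+"
    r"(?P<level>[A-Z]+): (?P<message>.*)$", re.DOTALL)

def group_events(lines):
    """Join continuation lines onto the event they belong to."""
    events = []
    for line in lines:
        line = line.rstrip("\r\n")
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def parse_event(event):
    """Extract fields, or tag the event the way Logstash tags a grok miss."""
    m = CATALINA.match(event)
    if m is None:
        return {"tags": ["_grokparsefailure"], "message": event}
    fields = m.groupdict()
    stamp = datetime.strptime(fields["timestamp"], "%b %d, %Y %I:%M:%S %p")
    fields["@timestamp"] = stamp.isoformat()
    return fields

def parse_log(text):
    return [parse_event(e) for e in group_events(text.splitlines())]

# Constructed sample: a two-line event, an error with a stack trace,
# and a one-line event laid out like the sample above.
SAMPLE = """\
Mar 10, 2016 10:04:37 PM org.apache.catalina.startup.Catalina load
INFO: constructed startup message
Mar 10, 2016 10:05:01 PM com.example.DemoServlet service
ERROR: constructed failure
java.lang.IllegalStateException: constructed
\tat com.example.DemoServlet.service(DemoServlet.java:42)
Mar 10, 2016 10:05:02 PM org.apache.catalina.startup.Catalina start INFO: constructed one-line event
"""

if __name__ == "__main__":
    for event in parse_log(SAMPLE):
        print(event)
```

Keeping the stack trace inside the same event as its ERROR line is what lets a later search or alert on the exception also see which class and timestamp it belongs to.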
