My Experiments for Truth.

Grok pattern for the below log. 27-05-2020 06:44:33.476 [app-api-5bd9d99b8-sjql5-6f5bdf4a-f2c9-4a25-8fe6-031e9fa28cf0] DEBUG 1 [http-nio-8080-exec-4] c.w.w.m.customer.controllers.CustomerController [get-141] : Get all Customer request received. This has to be added in the logstash config file /usr/share/logstash/pipeline/logstash.conf filter {       grok {         match => { "message" => ["%{DATE_EU:date} %{TIME:logTime} *\[%{DATA:requestId}] %{LOGLEVEL:logLevel} %{NUMBER:processId} *\[%{DATA:threadName}] %{JAVACLASS:className} *\[%{DATA:origin}] :%{GREEDYDATA:message}"] }       } } alternative grok pattern ##################### (? %{MONTHDAY}-%{MONTHNUM}-%{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}.%{NONNEGINT}) *\[%{DATA:requestId}] %{LOGLEVEL:logLevel} %{NUMBER:processId} *\[%{DATA:threadName}] %{JAVACLASS:className} *\[%{DATA:origin}] :%{GREEDYDATA:messagebody} Example logstash file with grok pattern for parsing ...

ubuntu@master:~$ git clone https://github.com/deviantony/docker-elk.git ubuntu@master:~$ cd docker-elk ubuntu@master:~/docker-elk$ sudo docker-compose up -d Creating dockerelk_elasticsearch_1 ... done WARNING: Image for service kibana was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`. Creating dockerelk_elasticsearch_1 ... Creating dockerelk_logstash_1      ... done Creating dockerelk_kibana_1        ... done ubuntu@master:~/docker-elk$ sudo docker-compose ps           Name                         Command               State                                   Ports                      ...