So, I discovered the Grok Debugger where I successfully parsed my logs. But if I actually let the logs run through logstash, they show up in Kibana but without the extra fields.
My filter looks like this:
filter {
if [type] == "pat" {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:loglevel} \[%{JAVACLASS:class}] %{GREEDYDATA:mydata}"
}
}
date {
match => [ "time" , "YYYY-MM-dd HH:mm:ss,SSS" ]
}
}
}
And a typical log like this:
2016-03-08 15:26:45,111 INFO [ch.fhnw.imvs.pat.integration.adapter.vcs.GitAdapter] - gitweb.conf updated
But in Kibana I see the following but I should see my fields that I defined in the grok filter:
Am I doing something wrong? Thanks for any advice!
