hi,
i want to import logs from specific path on my server. i have 4-5 logs files in this path. i want to load them and run some query. could you please help me with the steps to do so.
thanks.
import logs from specific location
Re: import logs from specific location
To import your logs from flag files, you can make use of the 'file' input:
You could use either of the following inputs, for example:
-or-
You can define an input on the 'Administration -> Global Configuration' page of the Web GUI.
You could use either of the following inputs, for example:
Code: Select all
file {
path => /var/log/messages
}Code: Select all
file {
path => /var/log/httpd/*
}Re: import logs from specific location
hi,
i configured as you suggested. but still i am not able to see my logs loading on the dashboard. is there some document or video available to do this.
i configured as you suggested. but still i am not able to see my logs loading on the dashboard. is there some document or video available to do this.
Re: import logs from specific location
After you configured it, did you press the 'Apply Configuration' button?
Re: import logs from specific location
hi,
yes i did. but still no results.
yes i did. but still no results.
Re: import logs from specific location
Did you use exactly what jolson posted or did you modify it to suit your environment?
What are you doing to search for those logs?
What sort of messages in the logs are you hoping to see?
What are you doing to search for those logs?
What sort of messages in the logs are you hoping to see?
Former Nagios employee
Re: import logs from specific location
i followed these below steps.
click administration -> Global configuration -> add input -> added these below lines
file {
path => '/data/logs/'
}
here /data/logs/ is the path of my logs files available.
then click save -> verify -> Apply configuration
after this, i went into dashboard and try to query for "ERROR"
but i do not get any result
click administration -> Global configuration -> add input -> added these below lines
file {
path => '/data/logs/'
}
here /data/logs/ is the path of my logs files available.
then click save -> verify -> Apply configuration
after this, i went into dashboard and try to query for "ERROR"
but i do not get any result
Re: import logs from specific location
Try this input:
Please "Apply Configuration" after you make the above definition. Do you see any files being generated? If not, try the following at the command line.
Switch to Nagios:
Change to the data/logs directory:
Read one of the files that exists there:
Add a few lines to a new file:
Let me know how the above goes. When you add new lines to a file, logstash should pick up those changes almost immediately and display them to you in the Web GUI. We're also ensuring that the 'nagios' user has appropriate read and write access to the directory in question.
Jesse
Code: Select all
file {
path => '/data/logs/*'
}Switch to Nagios:
Code: Select all
su - nagiosCode: Select all
cd /data/logsCode: Select all
tail -n100 fileexampleCode: Select all
echo "ERROR" >> newfile.logJesse
Re: import logs from specific location
hi,
Thank you.
this worked. but it is not picking up files which are already available there. any other settings to be done.
Thank you.
this worked. but it is not picking up files which are already available there. any other settings to be done.
Re: import logs from specific location
This means that Nagios Log Server has already parsed through the logs that are already there. What you can do is copy those files to force a re-read:
The new log will be parsed appropriately. Any new lines in your existing logs will also be parsed appropriately, so you should be good to go!
Code: Select all
cd /data/logsCode: Select all
cp example-log-1 example-log-1-parse