Here is my problem: I have standard Apache logs, like:
ip1 ip2 - - [13/Jun/2016:14:45:05 +0200] "GET /page/requested.html HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"
I can successfully parse these logs with my current Logstash configuration:
input {
  file {
    path => '/home/user/logsdir/*'
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  elasticsearch { }
  stdout { codec => rubydebug }
}
But I apply a machine learning algorithm on these logs that gives them a score. A new log line looks like this:
ip1 ip2 - - [13/Jun/2016:14:45:05 +0200] "GET /page/requested.html HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0" 0.00950628507703
Note the 0.00950628507703 at the end of the line, which is the actual score.
Now I want to parse this line and use the score for visualisation in Kibana (Logstash is integrated in the whole ELK stack). It would be great if the score were parsed as a float.
NB: I can place the score before or after the standard Apache log message, and insert any kind of characters between the two (currently a space).
Any idea on how to tackle this problem?
Thanks in advance!
I eventually found how to process it. I add a little keyword before the score: the word pred, so the lines now look like:
ip1 ip2 - - [13/Jun/2016:14:45:05 +0200] "GET /page/requested.html HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0" pred:0.00950628507703
and use this Logstash configuration:
input {
  file {
    path => '/home/user/logsdir/*'
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG} pred:%{NUMBER:prediction_score}" }
  }
  # convert the score to float in order to visualise it in Kibana
  mutate {
    convert => { "prediction_score" => "float" }
  }
}
output {
  elasticsearch { }
  stdout { codec => rubydebug }
}
I hope this helps if you are stuck with the same problem!
Cheers!
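To check the field layout the grok match above produces without running Logstash, here is an added Ruby example (not from the original post) that mirrors the "%{COMBINEDAPACHELOG} pred:%{NUMBER:prediction_score}" match and the mutate/convert step with a plain regex; the log lines and the 203.0.113.7 address are constructed samples, and the regex is a simplified version of the grok COMBINEDAPACHELOG definition, so it also accepts lines that were never scored.

```ruby
# Simplified mirror of grok's COMBINEDAPACHELOG followed by an optional " pred:<score>".
# Field names match the ones the grok pattern emits, so the output resembles the
# event Logstash would send to Elasticsearch.
COMBINED_APACHE_WITH_SCORE = %r{
  \A
  (?<clientip>\S+)\s+(?<ident>\S+)\s+(?<auth>\S+)\s+
  \[(?<timestamp>[^\]]+)\]\s+
  "(?<verb>\S+)\s+(?<request>\S+)(?:\s+HTTP/(?<httpversion>[\d.]+))?"\s+
  (?<response>\d{3})\s+(?<bytes>\d+|-)\s+
  "(?<referrer>[^"]*)"\s+"(?<agent>[^"]*)"
  (?:\s+pred:(?<prediction_score>[-+]?\d*\.?\d+(?:[eE][-+]?\d+)?))?
  \z
}x

# Parse one line into a Hash of fields. Returns nil when the line does not match
# (Logstash would instead keep the raw event and tag it _grokparsefailure).
def parse_scored_log(line)
  m = COMBINED_APACHE_WITH_SCORE.match(line)
  return nil unless m
  event = m.names.each_with_object({}) { |n, h| h[n] = m[n] unless m[n].nil? }
  # Equivalent of mutate { convert => { "prediction_score" => "float" } }:
  # without this the score is a string and Kibana cannot plot or range-filter it.
  if event.key?("prediction_score")
    event["prediction_score"] = Float(event["prediction_score"])
  end
  event["bytes"] = Integer(event["bytes"]) if event["bytes"] =~ /\A\d+\z/
  event
end

# Constructed sample lines: one scored line in the post's layout, one unscored line.
SAMPLE_LINES = [
  '203.0.113.7 - - [13/Jun/2016:14:45:05 +0200] "GET /page/requested.html HTTP/1.1" ' \
    '200 4860 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 ' \
    'Firefox/46.0" pred:0.00950628507703',
  '203.0.113.7 - - [13/Jun/2016:14:45:06 +0200] "POST /login HTTP/1.1" 403 512 "-" "curl/7.47.0"',
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each { |l| p parse_scored_log(l) }
end
```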