Tuesday, 31 January 2017

ELK Stack

Logstash JSON format

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "hello.local"
}
  • @timestamp is the ISO8601 high-precision timestamp for the event.
  • @version is the version number of this JSON schema.
  • Every other field is valid and fine.

Observe it in real life

You can observe the message structure by running Logstash with this output configuration: output { stdout { codec => rubydebug } }

% bin/logstash  -e 'output { stdout { codec => rubydebug } }'
hello world

{
  "message"    => "hello world",
  "@version"   => "1",
  "@timestamp" => "2014-04-22T23:03:14.111Z",
  "type"       => "stdin",
  "host"       => "Macintosh.local"
}
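
The following Python code is an added example, not part of the original gist: it builds an event with the fields shown above and checks a JSON-encoded event line for @timestamp and @version before it is shipped. The names make_event and validate_event, and the millisecond/UTC timestamp pattern (taken from the sample event), are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Assumption: timestamp shape taken from the sample event on this page
# (UTC, millisecond precision, trailing "Z").
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$")


def make_event(message, event_type, host, when=None):
    """Build an event dict with the fields shown in the sample above."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = when.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (when.microsecond // 1000)
    return {"message": message, "@version": "1", "@timestamp": ts,
            "type": event_type, "host": host}


def validate_event(raw):
    """Return a list of problems found in one JSON-encoded event line."""
    try:
        event = json.loads(raw)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(event, dict):
        return ["event is not a JSON object"]
    problems = []
    ts = event.get("@timestamp")
    if not isinstance(ts, str) or not TS_RE.match(ts):
        problems.append("@timestamp missing or not ISO8601 with milliseconds")
    else:
        try:  # the regex accepts shapes like month 13; parse to reject them
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
        except ValueError:
            problems.append("@timestamp is not a real date/time")
    if "@version" not in event:
        problems.append("@version missing")
    return problems


# Constructed sample lines (not real log data).
SAMPLES = [
    json.dumps(make_event("hello world", "stdin", "hello.local")),
    '{"message": "no timestamp", "@version": "1"}',
    '{"message": "bad month", "@version": "1", "@timestamp": "2014-13-22T23:03:14.111Z"}',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(validate_event(line) or "ok", "<-", line)
```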

http://brewhouse.io/blog/2014/11/04/big-data-with-elk-stack.html

Thursday, 26 January 2017