Did you know?
Glossary MTTR (Mean Time To Recovery)

A key performance indicator measuring the average time required to restore a service or system after a failure.

Suggested article Grafana Assistant: AI at the service of observability

Discover Grafana Assistant, the artificial intelligence integrated into Grafana Cloud. Learn how thi...

Learn more

[TP] My first pipeline

  1. Home
  2. Observability
  3. Logstash: from discovery to expertise
  4. Going further

[TP] My first pipeline




What you will learn in this TP :
  • Install Logstash
  • Build a pipeline
  • use the file input
  • Combine different filters
  • use the file output
  • use conditions
  • use variables

Introduction


What you will learn in this section :
  • Install Logstash
  • Build a pipeline
  • use the file input
  • Combine different filters
  • use the file output
  • use conditions
  • use variables

This lab aims to teach you how to build a simple pipeline that will read a log file, process it and write its output to a new file

Prerequisites

You must have a Linux machine with Logstash installed. If you do not have a machine or test environment, we invite you to do the lab on installing Logstash. For those doing the lab on the test environment, you can ask Vagrant to install Logstash: 
export DEPLOY_LOGSTASH=true; vagrant up

Inputs configuration

You must create a file in /etc/logstash/conf.d named "0-input-file-nginx-access.conf".
WARNING: In this lab, we specified the configuration file name (0-input-file-nginx-access.conf) but in a company, you will have to build your own naming standard that fits your context.
  1. Reading a file
    In this file, you must add the logstash configuration to read the contents of the file "/var/log/rousseltm/nginx-access.log". If you use our Vagrant test environment, the log files will already be present on the VM in the /var/log/rousseltm folder. Otherwise, you will have to copy them manually: .
    You must add a type for this file with the value 'nginx_access'.

Filters configuration

You must create a second file named "100-filter-nginx-access.conf".
  1. Data extraction
    You must identify the most suitable filter for a flat file and put the configuration that will extract the fields from the previously read log file knowing that this file has a single log format
  2. Type modification
    We want to convert the "http_code" field to an integer. Indeed, there are often arithmetic operations on this field when making restitutions (dashboard, alerts...). For example, display all codes between 200 and 205.
  3. Date adaptation
    As you noticed in the provided log file, the logs are not sorted. If you do not adapt the '@timestamp' field, you will have logs sorted by appearance in the file instead of sorting by generation date of the log line.
  4. Field deletion
    We want to remove the fields
    • event.original
    • message: as we have already extracted the information that interests us
    . Different methods must be used to remove them.
    WARNING: This is a good practice to save storage space and performance.
    In other labs, we will see that 'message' should only be removed in cases where we have no filter errors.

Outputs configuration

You must create a file in /etc/logstash/conf.d named "200-output-file-nginx-access.conf".
  1. Writing to a file
    In this file, you must add the logstash configuration so that it writes our processed log to the file "/var/log/rousseltm/parsed/TYPE.json"

Difficulty level: (2/5)

Recommended Articles

License consumption types

Understand the evolution of billing in Dynatrace: the difference between the ...

Grafana Alloy: The importance of Self-Monitoring

Discover why and how to configure Grafana Alloy so that it monitors itself, c...

Grafana Alloy: Understanding and exploiting the User Interface (UI)

Discover how to enable, secure, and use Grafana Alloy's built-in web interfac...

Grafana Alloy: Introduction and Architecture

Discover the fundamental concepts of Grafana Alloy, the transition from the s...

Grafana Alloy: Syntax and Configuration (Alloy Language)

Master Grafana Alloy's declarative syntax (River language), learn to manipula...

Grafana Alloy: Metrics Collection (Prometheus & Ecosystem)

Learn how to configure Grafana Alloy to collect, transform, and forward metri...

Grafana Alloy: Log Management with Loki

Discover how to configure Grafana Alloy to read log files, journald, or netwo...

Grafana Alloy: Trace Management with Tempo

Dive into distributed trace processing. Learn how to ingest OTLP, Jaeger, or ...

Grafana Alloy: Continuous Profiling with Pyroscope

Discover how to configure continuous profiling in your environments using Gra...

Grafana Alloy: Advanced Deployment and Clustering

Learn how to manage large-scale Grafana Alloy deployments. Configure Clusteri...

Grafana Assistant: AI at the service of observability

Discover Grafana Assistant, the artificial intelligence integrated into Grafa...

Grafana Alloy vs Dynatrace ActiveGate: Which one to choose?

Comparison between Grafana Alloy and Dynatrace ActiveGate. Understand the fun...

Have you finished?
Previous session See the correction Next session