Geek Answers Handbook

The default path for grok templates

I installed Logstash on an Ubuntu 14 server. Where can I find the default grok templates that Logstash uses when filtering logs? Thanks.

+6
source share
3 answers

From grok documentation :

Logstash ships with about 120 patterns by default. You can find them here:

https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns .

+7
source

I also installed the ELK stack on Ubuntu 14.04. The location of the patterns grok uses is in the following directory.

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/

which includes the following default patterns

 aws firewalls junos mongodb rails bacula grok-patterns linux-syslog nagios redis bro haproxy mcollective output.txt ruby exim java mcollective-patterns postgresql test.sh

Or you can simply search for patterns as follows:

find / -name patterns

This will show you the template directory you are looking for.

+5
source

If you know the installation path of logstash, say cd /usr/share/logstash/

he is here:

cd /vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

If installed using apt-get, before /usr/share/logstash/ it is here:

/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

0
source

More articles:


All Articles