Parsing Redis logs with Logstash

[Luís de Sousa]

Just to complement my previous post about Redis logs, at a given moment I will need to parse there files with Logstash, we have the definition bellow:

#=============================================================================
# Redis events
#=============================================================================
    else if [type] == "redis" {
      grok {
        match         => [ "message", "\[%{POSINT:pid}\]%{SPACE}%{GREEDYDATA:redislogtime} \*%{SPACE}%{GREEDYDATA:logtext}" ]
        patterns_dir  => "<%= @logstashGrokPatternDir %>"
        add_tag       => [ "grok_redis" ]
      }
      if "grok_redis" in [tags] {
        date {
          match         => [ "redislogtime", "dd MMM HH:mm:ss.SSS", "dd MMM HH:mm:ss" ]
          remove_field  => "redislogtime"
        }
        mutate {
          replace       => [ "message", "[%{pid}] %{logtext}" ]
          remove_field  => "logtext"
        }
      }
    }

Would like to know which version(s) of Redis are covered with this definition.

If anyone can help I would appreciate.

Thanks

Luis

[Josiah Carlson]

There hasn't been significant effort to make Redis log messages parseable by Logstash or other logs processing solutions. The config you have should work for most messages, but definitely not all. The format hasn't changed as far as I have noticed, but there are some debug/stacktrace messages that are in a completely different format.

 - Josiah

--
You received this message because you are subscribed to the Google Groups "Redis DB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to redis-db+u...@googlegroups.com.
To post to this group, send email to redi...@googlegroups.com.
Visit this group at http://groups.google.com/group/redis-db.
For more options, visit https://groups.google.com/d/optout.