Complete the code to specify the log input source in Logstash configuration.
input {
file {
path => "[1]"
start_position => "beginning"
}
}The path option in Logstash input specifies the log file to read. Here, /var/log/app.log is the application log file.
Complete the Elasticsearch query to find logs with level 'error'.
{
"query": {
"match": {
"level": "[1]"
}
}
}The query matches logs where the level field is error, filtering error logs.
Fix the error in the Kibana index pattern to match logs from all microservices.
logs-[1]-*The wildcard * matches all microservice names, so the pattern logs-*-* includes logs from all services.
Fill both blanks to configure Logstash filter to parse JSON logs and add a timestamp.
filter {
json {
source => "[1]"
}
date {
match => [ "[2]", "ISO8601" ]
}
}The json filter parses the JSON string from the message field. The date filter uses the timestamp field to set the event time.
Fill all three blanks to create a Kibana visualization filter for logs with status code >= 500 and service 'auth'.
{
"query": {
"bool": {
"must": [
{ "term": { "service": "[1]" } },
{ "range": { "status_code": { "[2]": [3] } } }
]
}
}
}The filter matches logs where the service is 'auth' and the status_code is greater than or equal to 500, indicating server errors.