
I have put all my logs into ELK. I want to classify my exceptions according to the exception type. Example: I want to classify the exceptions into "NullPointerException", "IndexOutOfBoundException",...

I have tried using the approach mentioned by @Val in the previous question below:

match_only_text fields do not support sorting and aggregations elasticsearch

After following the steps mentioned by @Val using Kibana DevTools, I have created a Filebeat scripted field using this script:

```painless
// Scripted field: bucket each document by the exception named in its message.
if (doc.containsKey('message.keyword')) {
  // A keyword sub-field can have no doc value for a given document (for example
  // when the message is longer than the sub-field's ignore_above limit), so
  // check size() before reading .value.
  if (doc['message.keyword'].size() > 0) {
    def message = doc['message.keyword'].value;
    if (message.contains("java.lang.IllegalStateException")) {
      return "Error-1";
    } else {
      return "Error-2";
    }
  }
  // Field is mapped but holds no value for this document.
  return "No Message";
} else {
  return "No Message";
}
```

It worked for the single-line logs but didn't work for the multi-line logs. How can I make it work for the multi-line logs as well?

I will be glad if there is any better approach.
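As an added example (not code from the original post or from Elasticsearch), the classification logic below is run locally over constructed sample log messages, including multi-line entries carrying Java stack traces. Instead of a fixed `contains()` check per exception, it extracts every fully qualified exception class name from the message and reports both the outermost exception and the root cause (the last `Caused by:` entry), so that a multi-line message is bucketed by its actual exception type. The sample messages, the regex and all function names are my own assumptions.

```python
import re

# Constructed sample messages (not from the original post). Message 2 and 3 are
# multi-line: a stack trace follows the first line, and message 3 has a
# "Caused by:" chain.
SAMPLE_MESSAGES = [
    "2023-08-10 12:00:01 ERROR OrderService - java.lang.IllegalStateException: cart already closed",
    "2023-08-10 12:00:02 ERROR UserService - request failed\n"
    "java.lang.NullPointerException: Cannot invoke \"String.trim()\" because \"name\" is null\n"
    "\tat com.example.UserService.normalize(UserService.java:42)\n"
    "\tat com.example.UserService.create(UserService.java:17)",
    "2023-08-10 12:00:03 ERROR BatchJob - unexpected error\n"
    "java.lang.RuntimeException: wrapper\n"
    "\tat com.example.BatchJob.run(BatchJob.java:88)\n"
    "Caused by: java.lang.ArrayIndexOutOfBoundsException: Index 5 out of bounds for length 5\n"
    "\tat com.example.BatchJob.process(BatchJob.java:120)",
    "2023-08-10 12:00:04 INFO Scheduler - tick",
]

# A fully qualified Java class name (at least one lower-case package segment)
# whose simple name ends in "Exception" or "Error". Unqualified names such as
# a bare "Exception" in free text are deliberately not matched, and stack
# frames like "com.example.BatchJob.run(...)" do not match either.
EXC_RE = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))\b")

NO_EXCEPTION = "No Exception"


def exception_types(message):
    """Return every exception class name found in a message, in order of
    appearance. For a stack trace this is outermost first, root cause last."""
    return EXC_RE.findall(message)


def classify(message):
    """Classify one (single- or multi-line) message.

    Returns (outermost, root_cause). Both are NO_EXCEPTION when the message
    names no qualified exception class, so the caller never sees None.
    """
    found = exception_types(message)
    if not found:
        return (NO_EXCEPTION, NO_EXCEPTION)
    return (found[0], found[-1])


def count_by_root_cause(messages):
    """Bucket messages by root-cause exception type, like a terms aggregation
    would over a keyword field holding the classification."""
    counts = {}
    for message in messages:
        _, root = classify(message)
        counts[root] = counts.get(root, 0) + 1
    return counts


if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        outer, root = classify(message)
        print(f"{message.splitlines()[0][:60]!r:64} outer={outer} root={root}")
    print(count_by_root_cause(SAMPLE_MESSAGES))
```

Because the classification depends on the whole multi-line message, it is easier to compute it once when the event is indexed (for example in an ingest pipeline that writes the result to a dedicated keyword field) than in a query-time scripted field that has to read the full message from doc values for every hit; the aggregation then runs over that small keyword field.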

  • The [`categorize_text` aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-categorize-text-aggregation.html) should be able to help you with this. Time permitting, I'll provide an example – Val Aug 10 '23 at 13:52
  • Thank you for pointing out to the resource. I will be waiting to get an example/answer as I am completely new to the ELK stack. – erlich bachman Aug 10 '23 at 14:06
  • You can already have a glimpse from this article: https://www.elastic.co/blog/categorize-your-logs-with-the-new-elasticsearch-categorize-text-search-aggregation – Val Aug 10 '23 at 14:08
  • `POST filebeat-*/_search?filter_path=aggregations { "aggs": { "categories": { "categorize_text": { "field": "message" } } } }` Would this be a good one to automatically categorise logs @Val – erlich bachman Aug 11 '23 at 05:53
  • Feel free to try it out along the lines of what's presented in those articles, time permitting I'll try to provide some guidance – Val Aug 11 '23 at 06:48

0 Answers