Home of the Squeezebox™ & Transporter® network music players.
Results 1 to 2 of 2

Thread: Logstash?

  1. #1
    Senior Member
    Join Date
    Mar 2007
    Posts
    396

    Logstash?

    Not sure if this should be here or in the general LMS forum, but has anyone tried parsing LMS logs in logstash?

    Splunk has an app:
    https://apps.splunk.com/app/905/
    So I was thinking of doing something similar in Logstash.

    I am trying to learn logstash and I was going to give it a shot, but if someone else has done it all the better!

  2. #2
    I was looking for something similar but could only find this thread so after a bit of trial and error, came up with the below basic filebeat and logstash config. It does no real manipulation of the data (other than setting the @timestamp field) and has a dependancy on the PlayLog plugin being installed and running (to give an xml file of everything played).

    Filebeat config, filbeat needs access to the PlayLogSongLogs directory (~/Music/Playlists/PlayLogSongLogs/ on my Mac):

    Code:
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /Users/***/Music/Playlists/PlayLogSongLogs/*.xml
      exclude_lines: '<!--'
      exclude_files: ['.gz$']
      multiline.pattern: '<song>'
      multiline.negate: true
      multiline.match: after
      multiline.flush_pattern: '</song>'
    
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    
    setup.template.settings:
      index.number_of_shards: 3
    
    name: squeezebox_tracks
    
    setup.kibana:
      host: "192.168.1.29:5601"
    
    output.logstash:
      hosts: ["192.168.1.29:5044"]
    
    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~
    Logstash config:
    Code:
    # Beats -> Logstash -> Elasticsearch pipeline.
    
    input {
      beats {
        port => 5044
      }
    }
    
    filter {
      xml {
        source => "message"
        target => "doc"
        force_array => false
      }
      date {
        match => ["doc[date]", "yyyy/MM/dd HH:mm:ss"]
      }
    }
    
    output {
      elasticsearch {
        hosts => ["http://192.168.1.29:9200"]
        index => "squeezebox_tracks-%{+YYYY.MM.dd}"
      }
            #stdout { }
    }
    Last edited by odw199; 2019-06-12 at 14:19.
    LMS Server: Mac Mini with music library on Drobo 5D
    Living Room: Raspberry Pi + AlloBoss -> Onkyo A 9010 -> KEF LS50
    Study: Raspberry Pi -> Audio Engine D1 -> Audio Addon Pro T3
    Kitchen: Squeezebox Radio
    Bedroom: SB3 -> B&W Zeppelin

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •