Hi team,
We have deployed analytics-agent with machine agent in a server and configured pattern to grok logs of application. We are able to see logs in Controller UI.
We want to send only level=ERROR logs to controller. How can this be achieved?
Job file:
version: 2
enabled: true
source:
type: file
path: /data/logs
nameGlob: app.log
startAtEnd: true
fields:
sourceType: xxx
grok:
patterns:
- '%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}'
eventTimestamp:
pattern: "yyyy-MM-dd HH:mm:ss,SSS"
Thanks,
Jasmitha M