This is a small contribution aimed at getting you started more quickly when about to dump TCI (TIBCO Cloud Integration) log files into ELK (Elasticsearch Logstash, and Kibana)
You'll find the two necessary files:
tci-log.conf: the configuration file for logstash,patterns/tci-grok-patterns: the patterns file for logstash'sgrokfilter.
This extracts a number of properties from the logs, which will be dropped in Elasticsearch, that you can use in Kibana to discover you data and visualise it:
errlvlthe error level ERROR, DEBUG, WARN, or INFO,tciptthe process and thread information
tcijobidthe job ID,tcipiidthe process ID,tcippiidthe parent process ID (if this is about a subprocess),tciactivitythe activity name,tciprocessthe process name,tcimodthe module name,tciappthe application name.
There are many options when it comes to running the ELK stack you'll dump those contents to, included running it directly from GCP (Hosted on GCP, offered by Elasticsearch) or AWS (Amazon Elasticsearch Service).
I tried Bitnami's ELK image for Amazon EC2 and would recommend it: it is well documented, leaves access to server via ssh, and leaves a lot of flexibility when it comes to configuration, including installing TCI's tibcli.
You get all the documentation on Bitnami's website.
Should you happen to use Bitnami's image, here is what to do with the two files:
cp tci-log.conf /opt/bitnami/logstash/confmkdir /opt/bitnami/logstash/patternscp patterns/tci-grok-patterns /opt/bitnami/logstash/patterns
And here is how you would start logstash (making sure you are logged in TCI with tibcli):
./tibcli monitor applog -s <your application's name> | sudo /opt/bitnami/logstash/bin/logstash -f /opt/bitnami/logstash/conf/tci.conf
- Elasticsearch, Logstash, and Kibana
- TIBCO Cloud Integration
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
This project is licensed under the MIT License - see the LICENSE.md file for details.
- Philippe Gabert