I have created a middleware in laravel! like below
<?php
namespace AppHttpMiddleware;
use CarbonCarbon;
use Closure;
use IlluminateHttpRedirectResponse;
use IlluminateHttpRequest;
use IlluminateHttpResponse;
use IlluminateSupportFacadesLog;
use phpDocumentorReflectionTypesString_;
class SystemActivityLogger
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure(IlluminateHttpRequest): (IlluminateHttpResponse|IlluminateHttpRedirectResponse) $next
* @return Response|RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
Log::channel('rabbitmq_elk')->info($this->prepareLogData($request));
return $next($request);
}
/**
* Prepare log data and log it
* @param Request $request
* @return string
*/
private function prepareLogData(Request $request)
{
return json_encode([
'ip' => $request->ip(),
'url' => $request->url(),
'agent' => $request->userAgent(),
'date' => Carbon::now()->toDateTimeString(),
'params' => $request->query(),
]);
}
}
this middleware is for logging and I want that prepareLogData()
returned json type and i can search it in kibana discover with KQL syntax
this is my sdamiii.conf
file
input {
rabbitmq {
host => "localhost"
port => 5672
heartbeat => 30
queue => "system_logs"
durable => "true"
user => "guest"
password => "guest"
vhost => "/"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "my-index-000001"
data_stream => "false"
}
}
After running bin/logstash -f conf.d/sdamiii.conf
command and requesting Laravel, I get this output in Kiabana.
but I do not search by KQL syntax for example i want search message.ip
I do not receive
any results
How can I solve this problem???
2
Answers
If you want the entire pipeline to behave
in 8.x EXACTLY
as it does with 7.13, your best path forward is to setpipeline.ecs_compaitibility
for the pipeline.Since you are using a configuration that gives you exactly one pipeline per Logstash process, doing so in the
logstash.yml
is reasonable. If you were running multiple pipelines, then doing so for each applicable pipeline in itspipelines.yml
entry would be best.If, for some reason, you want to avoid the easy path above (hint: you probably don't), it is possible to resolve this deprecation warning by adjusting your pipeline definition so that each and every plugin definition has an
ecs_compatibility => disabled
directive. This entails defining your codecs in block form, soI encourage you to take the easy path, to lock in the behavior you want for the entire pipeline. then put this fillter in
sdamiii.conf
this is output
right now you can search with KQL language
What result do you get when you change your prepareLogData method like this?