skip to Main Content

I have created a middleware in laravel! like below

<?php

namespace AppHttpMiddleware;

use CarbonCarbon;
use Closure;
use IlluminateHttpRedirectResponse;
use IlluminateHttpRequest;
use IlluminateHttpResponse;
use IlluminateSupportFacadesLog;
use phpDocumentorReflectionTypesString_;

class SystemActivityLogger
{
    /**
     * Handle an incoming request.
     *
     * @param IlluminateHttpRequest $request
     * @param Closure(IlluminateHttpRequest): (IlluminateHttpResponse|IlluminateHttpRedirectResponse)  $next
     * @return Response|RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        Log::channel('rabbitmq_elk')->info($this->prepareLogData($request));
        return $next($request);
    }

    /**
     * Prepare log data and log it
     * @param Request $request
     * @return string
     */
    private function prepareLogData(Request $request)
    {
      return json_encode([
          'ip' => $request->ip(),
          'url' => $request->url(),
          'agent' => $request->userAgent(),
          'date' => Carbon::now()->toDateTimeString(),
          'params' => $request->query(),
       ]);
    }
}

this middleware is for logging and I want that prepareLogData() returned json type and i can search it in kibana discover with KQL syntax
this is my sdamiii.conf file

input {
       rabbitmq {
        host => "localhost"
        port => 5672
        heartbeat => 30
        queue => "system_logs"
        durable => "true"
        user => "guest"
        password => "guest"
        vhost => "/"
    }   
}
output {
       elasticsearch {
           hosts => ["localhost:9200"]
           index => "my-index-000001"
           data_stream => "false"
       }
}

After running ‍‍bin/logstash -f conf.d/sdamiii.conf command and requesting Laravel, I get this output in Kiabana.

enter image description here

but I do not search by KQL syntax for example i want search message.ip I do not receive
any results
How can I solve this problem???

2

Answers


  1. Chosen as BEST ANSWER

    If you want the entire pipeline to behave in 8.x EXACTLY as it does with 7.13, your best path forward is to set pipeline.ecs_compaitibility for the pipeline.

    Since you are using a configuration that gives you exactly one pipeline per Logstash process, doing so in the logstash.yml is reasonable. If you were running multiple pipelines, then doing so for each applicable pipeline in its pipelines.yml entry would be best.

    If, for some reason, you want to avoid the easy path above (hint: you probably don't), it is possible to resolve this deprecation warning by adjusting your pipeline definition so that each and every plugin definition has an ecs_compatibility => disabled directive. This entails defining your codecs in block form, so

    codec =>
     json becomes codec =>
       json { 
         ecs_compatibility => disabled 
       }
    

    I encourage you to take the easy path, to lock in the behavior you want for the entire pipeline. then put this fillter in sdamiii.conf

    filter{
            json{
                    source => "data"
            }
            json{
                    source => "data.params"
            }
    }
    
    filter{
            json{
                    source => "message"
            }
    }
    

    this is output enter image description here

    right now you can search with KQL language


  2. What result do you get when you change your prepareLogData method like this?

    /**
     * Prepare log data and log it
     * @param Request $request
     * @return string
     */
    private function prepareLogData(Request $request)
    {
      return [
          'ip' => $request->ip(),
          'url' => $request->url(),
          'agent' => $request->userAgent(),
          'date' => Carbon::now()->toDateTimeString(),
          'params' => $request->query(),
       ];
    }
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search