This is the format of the logs:
[orion@ctceslogs12 ~]$ sudo tail -f /var/log/elasticsearch/master/gi-logging.log
[2019-05-06T09:56:46,920][INFO ][o.e.c.m.MetaDataMappingService] [ctceslogs12-master] [logstash-apfeed-000079/yTtt3dAsR7uxsMMBSVUkqQ] update_mapping [doc]
[2019-05-06T10:15:49,761][INFO ][o.e.c.m.MetaDataMappingService] [ctceslogs12-master] [logstash-eventlog-000014/GcrdH27PRTmQ75H_za2ARA] update_mapping [doc]
[2019-05-06T10:49:10,711][INFO ][o.e.c.m.MetaDataMappingService] [ctceslogs12-master] [logstash-apfeed-000079/yTtt3dAsR7uxsMMBSVUkqQ] update_mapping [doc]
[2019-05-06T10:50:46,568][INFO ][o.e.c.m.MetaDataMappingService] [ctceslogs12-master] [logstash-apfeed-000079/yTtt3dAsR7uxsMMBSVUkqQ] update_mapping [doc]
I’m looking to log severity ERROR, FATAL and probably WARN. All I have in place is:
sudo /opt/sensu/embedded/bin/check-log.rb -f /var/log/elasticsearch/master/gi-logging.log -q error -c 1 -r
All it does is give me one entry. Need the entire stack.
I noticed there is a -l for format. What yo I put in for the format:
sudo /opt/sensu/embedded/bin/check-log.rb -f /var/log/elasticsearch/master/gi-logging.log -q error -c 1 -r -l ???