@AndyBold
Created March 17, 2021 09:55
I use this with the sebp/elk Dockerised ELK stack, mounted as beats config.
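filter {
  # Split the access-log line held in "message" into named fields.
  # The field order follows an AWS Application Load Balancer access log entry;
  # quoted fields are matched together with their surrounding double quotes.
  dissect {
    mapping => {
      "message" => '%{protocol} %{timestamp} %{destination} %{ip_source} %{ip_destination} %{request_processing_time} %{backend_processing_time} %{response_processing_time} %{elb_status} %{backend_status} %{received_bytes} %{sent_bytes} "%{request}" "%{user_agent}" %{ssl_cipher} %{ssl_protocol} %{target_group_arn} "%{trace_id}" "%{domain_name}" "%{chosen_cert_arn}" %{matched_rule_priority} %{request_creation_time} "%{actions_executed}" "%{redirect_url}" "%{error_reason}" "%{target}" "%{target_status}" "%{classification}" "%{classification_reason}"'
    }
  }
}

input {
  # Beats listener. TLS is disabled here (ssl => false), so events arrive on
  # port 5044 in plaintext and the certificate and key below are not used
  # unless ssl is set to true.
  beats {
    port => 5044
    ssl => false
    ssl_certificate => "/etc/pki/tls/certs/logstash-beats.crt"
    ssl_key => "/etc/pki/tls/private/logstash-beats.key"
  }
}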