Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Monolog Logstash Config example
input {
stdin { codec => "plain" }
}
filter {
# Pulls out fields from monolog text log. (Note, we don't send extra to our monolog)
grok {
match => [ "message", "%{MONOLOG} %{GREEDYDATA:mymessage}"]
}
json {
source => "context"
}
}
output {
stdout { codec => rubydebug }
}
@EdwardIII

This comment has been minimized.

Copy link

@EdwardIII EdwardIII commented Oct 5, 2015

Hey, where does MONOLOG come from?

@erichnascimento

This comment has been minimized.

Copy link

@erichnascimento erichnascimento commented Mar 30, 2016

(Monolog pattern):

# Define Monolog pattern
MONOLOG \[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:logger}.%{LOGLEVEL:level}:

Or inline:

\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:logger}.%{LOGLEVEL:level}: %{GREEDYDATA:message}

Log input example:

[2016-03-29 10:27:03] payroll-app.request.INFO: 204 PUT /employments/1/integration/status

Event output exemple:

{
  "timestamp": [
    [
      "2016-03-29 10:27:03"
    ]
  ],
  "logger": [
    [
      "payroll-app.request"
    ]
  ],
  "level": [
    [
      "INFO"
    ]
  ],
  "message": [
    [
      "204 PUT /employments/1/integration/status"
    ]
  ]
}
@emxjay

This comment has been minimized.

Copy link

@emxjay emxjay commented Nov 8, 2016

You need to add overwrite => [ "message" ] to set properly the message field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment