@a-h
Created June 11, 2015 14:38
WebLogic Logstash Filter
    filter {
      ## WebLogic Server Http Access Log
      if [type] == "weblogic-access" {
        grok {
          match => [ "message", "%{IP:client} - - \[(?<timestamp>%{MONTHDAY}[./-]%{MONTH}[./-]%{YEAR}:%{TIME}\s+%{ISO8601_TIMEZONE})] \"%{WORD:verb} %{URIPATHPARAM:uri}\s+HTTP.+?\" %{NUMBER:status} %{NUMBER:response_time}" ]
        }
        date {
          match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
        }
      }
    }
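
An added example, not part of the gist: a Python approximation of the grok match and date conversion above, run over constructed access-log lines to show which lines Logstash would tag `_grokparsefailure` or `_dateparsefailure`. The regular expression uses simplified stand-ins for the grok sub-patterns (IPv4 only, numeric UTC offset); `parse_line`, `unparsed` and the sample lines are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Simplified stand-ins for the grok sub-patterns (assumption: IPv4 only,
# English month abbreviations, numeric UTC offset such as +0100).
ACCESS_RE = re.compile(
    r'(?P<client>\d{1,3}(?:\.\d{1,3}){3}) - - '
    r'\[(?P<timestamp>\d{1,2}[./-][A-Za-z]{3}[./-]\d{4}:\d{2}:\d{2}:\d{2}\s+[+-]\d{4})\] '
    r'"(?P<verb>\w+) (?P<uri>/\S*)\s+HTTP.+?" '
    r'(?P<status>\d+) (?P<response_time>\d+(?:\.\d+)?)'
)

# Constructed sample lines (documentation address range 192.0.2.0/24).
SAMPLES = [
    '192.0.2.10 - - [11/Jun/2015:14:38:02 +0100] "GET /app/index.jsp?lang=en HTTP/1.1" 200 3107',
    # User name in the third field: the literal "- -" in the pattern cannot match.
    '192.0.2.11 - appuser [11/Jun/2015:14:38:05 +0100] "POST /app/save HTTP/1.1" 302 0',
    # Last field "-" instead of a number: the final NUMBER cannot match.
    '192.0.2.12 - - [11/Jun/2015:14:38:09 +0100] "GET /app/report HTTP/1.1" 304 -',
    # "-" date separators: grok accepts [./-], the date filter format only "/".
    '192.0.2.13 - - [11-Jun-2015:14:38:11 +0100] "GET /app/home HTTP/1.1" 200 512',
]

def parse_line(line):
    """Return the extracted fields, or None where Logstash would tag the
    event _grokparsefailure and store it without client/uri/status."""
    m = ACCESS_RE.search(line)  # grok matches anywhere in the message
    if m is None:
        return None
    event = m.groupdict()
    try:
        # Same layout as the date filter: dd/MMM/yyyy:HH:mm:ss Z
        ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
        event["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
    except ValueError:
        # Logstash would tag _dateparsefailure and keep the ingest time.
        event["@timestamp"] = None
    return event

def unparsed(lines):
    """Lines that would be stored without parsed fields."""
    return [line for line in lines if parse_line(line) is None]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_line(line))
    print("unparsed:", len(unparsed(SAMPLES)))
```

Events that fail the match still get indexed, only without the fields searches and alerts rely on, so the share of `_grokparsefailure` events for this type is worth watching.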

a-h commented Jun 11, 2015

Should be used with Logstash and stored as /etc/logstash/conf.d/12-weblogic.conf

To actually have messages to input, the logstash forwarder needs to collect messages, e.g.:

/etc/logstash-forwarder.conf

    # The list of files configurations
    "files": [
      # An array of hashes. Each hash tells what paths to watch and
      # what fields to annotate on events from those paths.
      {
        "paths": [
         "/var/log/weblogic/*"
        ],
        "fields": { "type": "weblogic-access" }
      }
    ]
