@agoddard
Created January 13, 2012 19:22
logstash indexer config
path.conf: /etc/elasticsearch
path.data: /var/db/elasticsearch
path.work: /tmp
path.logs: /var/log/elasticsearch
bootstrap.mlockall: true

input {
  amqp {
    type => "all"
    host => "192.168.234.11"
    exchange_type => "fanout"
    name => "rawlogs"
  }
}
filter {
  grok {
    type => "syslog" # for logs of type "syslog"
    pattern => "%{SYSLOGLINE}"
    # You can specify multiple 'pattern' lines
  }
  grok {
    type => "apache-access" # for logs of type 'apache-access'
    pattern => "%{COMBINEDAPACHELOG}"
  }
  date {
    type => "syslog"
    # The 'timestamp' and 'timestamp8601' names are for fields in the
    # logstash event. The 'SYSLOGLINE' grok pattern above includes a field
    # named 'timestamp' that is set to the normal syslog timestamp if it
    # exists in the event.
    timestamp => "MMM d HH:mm:ss" # syslog 'day' value can be space-leading
    timestamp => "MMM dd HH:mm:ss"
    timestamp8601 => ISO8601 # Some syslogs use ISO8601 time format
  }
  date {
    type => "apache-access"
    timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
  }
}
output {
  elasticsearch {
    host => "192.168.234.12"
  }
}
@agoddard

DEBUG 11:27:18,088 [Hybrid] Disconnected from [[#zen_unicast_1#][inet[/192.168.234.12:9300]]]
DEBUG 11:27:18,096 [Hybrid] Connected to node [[#zen_unicast_1#][inet[/192.168.234.12:9300]]]
WARN 11:27:18,100 [Hybrid] failed to send ping to [[#zen_unicast_1#][inet[/192.168.234.12:9300]]]
org.elasticsearch.transport.RemoteTransportException: [Madame Web][inet[/192.168.234.12:9300]][discovery/zen/unicast]
Caused by: java.io.EOFException
