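# Receive events from lumberjack shippers over TLS.
# (Table-cell pipes from the page rendering are removed so the block parses
# as Logstash configuration.)
input {
  lumberjack {
    type => "lumberjack"
    tags => ["lumberjack"]
    port => 12345
    # Server certificate and private key presented to connecting shippers.
    # NOTE(review): both files live under /root, so the Logstash process has
    # to be able to read root's home directory. Prefer an unprivileged
    # service account and a key directory that only that account can read
    # (key file mode 0600).
    # NOTE(review): only the server side of TLS is configured here; nothing
    # in this block authenticates the shipper, so limit who can reach the
    # port with a host or network firewall.
    ssl_certificate => "/root/lumberjack/server.crt"
    ssl_key => "/root/lumberjack/server.key"
  }
}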
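# Parse "session" lines into fields, take the event time from the log line,
# then drop the intermediate fields.
# (Table-cell pipes from the page rendering are removed so the block parses
# as Logstash configuration.)
filter {
  grok {
    # Applies only to events whose type is "session". The lumberjack input
    # declares type "lumberjack", so presumably the shipper sets "session"
    # itself -- TODO confirm, otherwise this filter never runs.
    type => "session"
    # Expected shape: <ISO8601 timestamp>: <data>: <user>
    # DATA is non-greedy and GREEDYDATA takes the rest of the line, so the
    # fields are split at the first colon-plus-whitespace after the
    # timestamp. If the logged text can carry user-influenced input that
    # contains such a separator, the field boundaries shift; treat "@data"
    # and "user" as untrusted strings wherever they are displayed or queried.
    pattern => ["%{TIMESTAMP_ISO8601:timestamp}:\s%{DATA:data}:\s%{GREEDYDATA:user}"]
    # Copy the capture into "@data"; the "data" field itself is removed below.
    add_field => ["@data", "%{data}"]
    add_tag => ["SESSION"]
  }
  date {
    # Use the time written in the log line as the event time.
    # NOTE(review): TIMESTAMP_ISO8601 accepts more variants (a "T" separator,
    # a zone offset) than this single format. When parsing fails the event
    # presumably keeps the time assigned on receipt -- verify, because that
    # affects timeline reconstruction during an investigation.
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
  mutate {
    # No type or tag restriction here, so this runs for every event. The
    # original "timestamp" string is dropped even when the date filter could
    # not apply it; keep the field if the source time must stay recoverable.
    remove => [ "timestamp", "data" ]
  }
}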
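# Send every event to the console and to Elasticsearch over HTTP.
# (Table-cell pipes from the page rendering are removed so the block parses
# as Logstash configuration.)
output {
  # Prints each event to the Logstash process's standard output.
  # NOTE(review): the parsed session and user fields end up wherever stdout
  # is captured (service log, journal). Keep this as a debugging aid and make
  # sure that destination has the same access controls as the index.
  stdout {}
  elasticsearch_http {
    # "x.x.x.x" looks like a redacted placeholder for the real address.
    # NOTE(review): nothing in this block sets credentials or TLS, so events
    # travel to Elasticsearch as plain HTTP. Keep that path on a trusted
    # network segment or place an authenticating TLS proxy in front of it.
    host => "x.x.x.x"
    # One event per request. Under a burst of log lines this is slow and can
    # stall the shippers; a larger batch is the usual production setting.
    flush_size => "1"
    # Left disabled: events that failed grok are still indexed, which keeps
    # unparsed lines available for later review.
    #exclude_tags => ["_grokparsefailure"]
  }
}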