@canimus
Created August 1, 2015 02:20
A parser for Tomcat log files
input {
  stdin {}
  # Alternative input: read the archived access logs from disk instead of stdin.
  # file {
  #   path => ["/Volumes/VM/planit/1_customers/ecu/BB_logs/app_p2/archives/logs/tomcat/access/bb-access-log.*.txt" ]
  #   start_position => "beginning"
  # }
}
filter {
  grok {
    # patterns_dir => "/Users/lanyonm/logstash/patterns"
    # Access-log line: client, ident, auth, token, [timestamp], "request", status, bytes,
    # quoted user agent, then trailing session / render / buffer fields.
    # Note: the field name "session" is captured twice in this pattern.
    match => { "message" => "^%{IPORHOST:clientip} (?:%{IPORHOST:ident}|-) (?:%{DATA:auth}|-) (?:%{DATA:token}|-) \[%{HTTPDATE:time}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response}(?:%{SPACE})(?:%{NUMBER:bytes}|-)(?:%{SPACE})(?:%{QS:agent})(?:%{SPACE})(?:%{DATA:session}|-)(?:%{SPACE})(%{NUMBER:session}?|-?)(%{SPACE}?)(%{NUMBER:render}?|-?)(%{SPACE}?)(%{NUMBER:buffer}?|-?)$" }
  }
}
output {
  # Debug output: print only the events that grok failed to parse.
  # if "_grokparsefailure" in [tags] {
  #   stdout {
  #     codec => rubydebug
  #   }
  # }
  # Debug output: print every event.
  # stdout {
  #   codec => rubydebug
  # }
  elasticsearch {
    document_type => "ecu-tomcat-log"
    host => "127.0.0.1"
    index => "ecu-blackboard-2015.07.31"
    flush_size => 10
    template_overwrite => false
  }
}