catherinetcai/STDOUT

## logstash.conf
input {
  tcp {
    port => 5514
    type => syslog
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "<%{POSINT:syslog_lvl}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{DATA:hostname} (%{GREEDYDATA:program}:) %{GREEDYDATA:message_remainder}" }
      add_tag => [ "%{program}" ]
    }
    mutate {
      replace => { "message" => "%{message_remainder}" }
      remove_field => [ "message_remainder", "@version", "syslog_timestamp" ]
    }
  }
}

output {
  stdout { codec => rubydebug }
}

## STDOUT
{
      "hostname" => "collect-1: message repeated 33",
    "@timestamp" => 2017-02-01T23:27:21.168Z,
          "port" => 51601,
          "host" => "127.0.0.1",
    "syslog_lvl" => "13",
       "program" => "times",
       "message" => "[ COLLECT SIDE]",
          "type" => "syslog",
          "tags" => [
        [0] "times"
    ]
}
	input {
	tcp {
	port => 5514
	type => syslog
	}
	}

	filter {
	if [type] == "syslog" {
	grok {
	match => { "message" => "<%{POSINT:syslog_lvl}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{DATA:hostname} (%{GREEDYDATA:program}:) %{GREEDYDATA:message_remainder}" }
	add_tag => [ "%{program}" ]
	}
	mutate {
	replace => { "message" => "%{message_remainder}" }
	remove_field => [ "message_remainder", "@version", "syslog_timestamp" ]
	}
	}
	}

	output {
	stdout { codec => rubydebug }
	}
	{
	"hostname" => "collect-1: message repeated 33",
	"@timestamp" => 2017-02-01T23:27:21.168Z,
	"port" => 51601,
	"host" => "127.0.0.1",
	"syslog_lvl" => "13",
	"program" => "times",
	"message" => "[ COLLECT SIDE]",
	"type" => "syslog",
	"tags" => [
	[0] "times"
	]
	}