@chelming
Last active August 29, 2015 14:02
input {
  # TLS-wrapped TCP listener for JSON events (e.g. nxlog shipping Windows event log records).
  tcp {
    port => 5544
    codec => json
    ssl_cacert => "/etc/logstash/conf.d/ssl/ca.pem"
    ssl_cert => "/etc/logstash/conf.d/ssl/cert.pem"
    ssl_enable => true
    ssl_key => "/etc/logstash/conf.d/ssl/key.pem"
    # Clients are not asked to present a certificate, so any host that can reach
    # port 5544 can submit events; the CA file above is therefore not used to gate senders.
    ssl_verify => false
  }
  syslog {
    type => "syslog"
  }
}

filter {
  # Only events from the nxlog "eventlog" module are reshaped; syslog passes through untouched.
  if [SourceModuleName] == "eventlog" {
    # The record body is itself JSON; lift its keys to the top level of the event.
    json {
      source => "message"
    }
    # Keep a verbatim copy of the original Message text alongside the (re)matched one.
    grok {
      add_field => { "Message_raw" => "%{Message}" }
      match => ["Message", "%{GREEDYDATA:Message}"]
      overwrite => [ "Message" ]
    }
    # Drop fields that carry no analytic value once the JSON has been expanded,
    # then rename the transport-level "host" to show it is the sender's address, not the logged host.
    mutate {
      remove_field => [
        "Keywords",
        "OpcodeValue",
        "SourceModuleType",
        "Task",
        "Version",
        "message",
        "Client"
      ]
      rename => [ "host", "Remote IP:Remote Port" ]
    }
  }
}

output {
  # Logstash 1.x-style transport client; replace <cluster name> with the real cluster name.
  elasticsearch {
    host => "localhost"
    cluster => "<cluster name>"
    protocol => "transport"
    node_name => "logstash ES output"
  }
}
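The filter block above is easiest to reason about by running a sample event through an equivalent transformation. The following Python is an added example, not part of the gist: it mirrors the json, grok and mutate steps on a constructed nxlog-style event (the field names and values in SAMPLE_EVENT are assumptions chosen to match the fields the config references), including the two failure modes Logstash handles by tagging the event rather than dropping it.

```python
import json

# Fields the mutate filter drops once the JSON body has been expanded (same list as the config).
REMOVED_FIELDS = ("Keywords", "OpcodeValue", "SourceModuleType",
                  "Task", "Version", "message", "Client")


def apply_filter(event):
    """Return a copy of `event` reshaped the way the gist's filter block would reshape it.

    Events whose SourceModuleName is not "eventlog" are returned unchanged, matching
    the conditional in the config.
    """
    ev = dict(event)
    if ev.get("SourceModuleName") != "eventlog":
        return ev

    # json { source => "message" }: parsed keys land at the top level of the event.
    # A body that is not a JSON object leaves the event as-is and adds _jsonparsefailure.
    try:
        body = json.loads(ev.get("message", ""))
        if not isinstance(body, dict):
            raise ValueError("JSON body is not an object")
        ev.update(body)
    except (ValueError, TypeError):
        ev.setdefault("tags", []).append("_jsonparsefailure")

    # grok: %{GREEDYDATA:Message} with overwrite re-assigns Message to itself, so the
    # only visible effect is add_field, which runs only when the match succeeds.
    # With no Message field the pattern cannot match and Logstash adds _grokparsefailure.
    if "Message" in ev:
        ev["Message_raw"] = str(ev["Message"])
    else:
        ev.setdefault("tags", []).append("_grokparsefailure")

    # mutate: remove_field, then rename the transport-level host to the sender's address label.
    for name in REMOVED_FIELDS:
        ev.pop(name, None)
    if "host" in ev:
        ev["Remote IP:Remote Port"] = ev.pop("host")
    return ev


# Constructed sample: the envelope the tcp/json input is assumed to produce, with the
# nxlog record still serialized in "message" (values are illustrative only).
SAMPLE_EVENT = {
    "SourceModuleName": "eventlog",
    "host": "10.0.0.5:49152",
    "message": json.dumps({
        "EventTime": "2015-08-29 14:02:00",
        "Hostname": "WIN-HOST",
        "EventID": 4624,
        "Message": "An account was successfully logged on.",
        "Keywords": -9214364837600034816,
        "OpcodeValue": 0,
        "SourceModuleType": "im_msvistalog",
        "Task": 12544,
        "Version": 0,
        "Client": "nxlog",
    }),
}

if __name__ == "__main__":
    print(json.dumps(apply_filter(SAMPLE_EVENT), indent=2, sort_keys=True))
```

The unparsable-body case is worth checking in a real pipeline as well: because the mutate step still runs, such an event arrives in Elasticsearch with its "message" field already removed, so the only evidence of what was sent is the _jsonparsefailure tag.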