dadoonet/logstash.conf

## logstash.conf
# This is a comment. You should use comments to describe
# parts of your configuration.
input {
  file {
    type => "server02"
    path => [ "/tmp/server02/*.log*" ]
  }
  file {
    type => "server03"
    path => [ "/tmp/server03/*.log*" ]
  }
  file {
    type => "server04"
    path => [ "/tmp/server04/*.log*" ]
  }
  file {
    type => "server05"
    path => [ "/tmp/server05/*.log*" ]
  }
  file {
    type => "server06"
    path => [ "/tmp/server06/*.log*" ]
  }
  file {
    type => "server08"
    path => [ "/tmp/server08/*.log*" ]
  }
  file {
    type => "server09"
    path => [ "/tmp/server09/*.log*" ]
  }
  file {
    type => "server10"
    path => [ "/tmp/server10/*.log*" ]
  }
  file {
    type => "server11"
    path => [ "/tmp/server11/*.log*" ]
  }
  file {
    type => "server12"
    path => [ "/tmp/server12/*.log*" ]
  }
  file {
    type => "server13"
    path => [ "/tmp/server13/*.log*" ]
  }
  file {
    type => "server14"
    path => [ "/tmp/server14/*.log*" ]
  }
  file {
    type => "server16"
    path => [ "/tmp/server16/*.log*" ]
  }
  file {
    type => "server17"
    path => [ "/tmp/server17/*.log*" ]
  }
  file {
    type => "server18"
    path => [ "/tmp/server18/*.log*" ]
  }
  file {
    type => "server19"
    path => [ "/tmp/server19/*.log*" ]
  }
  file {
    type => "server20"
    path => [ "/tmp/server20/*.log*" ]
  }
  file {
    type => "server21"
    path => [ "/tmp/server21/*.log*" ]
  }
  file {
    type => "server22"
    path => [ "/tmp/server22/*.log*" ]
  }
  file {
    type => "server23"
    path => [ "/tmp/server23/*.log*" ]
  }
}

filter {
  multiline {
    pattern => "^\s"
    what => "previous"
  }

  grok {
    pattern => "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:level} *\]\[%{JAVACLASS:classname} *\] +\[%{WORD:nodename}\] +%{GREEDYDATA:message}"
  }

  date {
    match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
  }

  mutate {
    remove => [ "@source", "@source_host", "@source_path", "@message", "@fields.timestamp" ]
  }
}

output {
  # Print each event to stdout.
  # stdout { debug => true debug_format => "json" }

  # You can have multiple outputs. All events generally to all outputs.
  # Output events to elasticsearch
   elasticsearch_http { host => "localhost" }
}
	# This is a comment. You should use comments to describe
	# parts of your configuration.
	input {
	file {
	type => "server02"
	path => [ "/tmp/server02/.log" ]
	}
	file {
	type => "server03"
	path => [ "/tmp/server03/.log" ]
	}
	file {
	type => "server04"
	path => [ "/tmp/server04/.log" ]
	}
	file {
	type => "server05"
	path => [ "/tmp/server05/.log" ]
	}
	file {
	type => "server06"
	path => [ "/tmp/server06/.log" ]
	}
	file {
	type => "server08"
	path => [ "/tmp/server08/.log" ]
	}
	file {
	type => "server09"
	path => [ "/tmp/server09/.log" ]
	}
	file {
	type => "server10"
	path => [ "/tmp/server10/.log" ]
	}
	file {
	type => "server11"
	path => [ "/tmp/server11/.log" ]
	}
	file {
	type => "server12"
	path => [ "/tmp/server12/.log" ]
	}
	file {
	type => "server13"
	path => [ "/tmp/server13/.log" ]
	}
	file {
	type => "server14"
	path => [ "/tmp/server14/.log" ]
	}
	file {
	type => "server16"
	path => [ "/tmp/server16/.log" ]
	}
	file {
	type => "server17"
	path => [ "/tmp/server17/.log" ]
	}
	file {
	type => "server18"
	path => [ "/tmp/server18/.log" ]
	}
	file {
	type => "server19"
	path => [ "/tmp/server19/.log" ]
	}
	file {
	type => "server20"
	path => [ "/tmp/server20/.log" ]
	}
	file {
	type => "server21"
	path => [ "/tmp/server21/.log" ]
	}
	file {
	type => "server22"
	path => [ "/tmp/server22/.log" ]
	}
	file {
	type => "server23"
	path => [ "/tmp/server23/.log" ]
	}
	}

	filter {
	multiline {
	pattern => "^\s"
	what => "previous"
	}

	grok {
	pattern => "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:level} \]\[%{JAVACLASS:classname} \] +\[%{WORD:nodename}\] +%{GREEDYDATA:message}"
	}

	date {
	match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
	}

	mutate {
	remove => [ "@source", "@source_host", "@source_path", "@message", "@fields.timestamp" ]
	}
	}

	output {
	# Print each event to stdout.
	# stdout { debug => true debug_format => "json" }

	# You can have multiple outputs. All events generally to all outputs.
	# Output events to elasticsearch
	elasticsearch_http { host => "localhost" }
	}