Skip to content

Instantly share code, notes, and snippets.

@dansteen

dansteen/filter.conf

Last active August 29, 2015 14:13
Show Gist options
  • Save dansteen/495b2a2b8f7e05bade66 to your computer and use it in GitHub Desktop.
Save dansteen/495b2a2b8f7e05bade66 to your computer and use it in GitHub Desktop.
Download ZIP
patterns
Raw
filter.conf
filter {
if "java-api" in [type] {
multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
}
grok {
match => [ "message", "%{API_APPLICATION_LOG}" ]
overwrite => [ "message", "severity" ]
break_on_match => false
}
date {
match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss,SSS", "YYYY-MM-dd HH:mm:ss,SSSZ", "ISO8601" ]
}
}
}
Raw
patterns
API_APPLICATION_LOG %{API_SECTION:timestamp} | %{API_SECTION:severity} | %{API_SECTION:app_id} | %{API_SECTION:request_id} | %{API_SECTION:javaclass} | %{API_SECTION:request}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment