
@expl0ratory
Created March 24, 2014 17:51
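input {
  stdin {
    # Fold stack traces and other continuation lines into the event that
    # precedes them: any line that does NOT start with a timestamp is
    # appended to the previous line.
    codec => multiline {
      # The log lines are year-first (the date filter in this file parses
      # them as "yyyy-MM-dd HH:mm:ss,SSS"). DATESTAMP only covers the
      # month-first and day-first date orders, so anchored at ^ it does not
      # match a line beginning with a four-digit year, and with negate => true
      # every line would then be glued onto the previous event.
      # TIMESTAMP_ISO8601 matches the year-first form, including the
      # ",SSS" fraction.
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => "previous"
      # NOTE(review): event boundaries are decided by this prefix alone. A
      # logged value that contains a line break followed by timestamp-shaped
      # text is read as a separate event, so the producing application
      # should escape CR/LF in values it logs. Newer releases of the
      # multiline codec also offer max_lines / max_bytes to bound the size
      # of one merged event; check whether your version has them.
    }
  }
}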
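filter {
  # stuff-log filters

  # Split "<timestamp> [<pid>] [<level>] <module>: <text>" into named fields.
  grok {
    # TIMESTAMP_ISO8601 is used instead of DATESTAMP because the timestamp is
    # year-first: DATESTAMP only knows month-first / day-first dates and,
    # left unanchored, can only latch onto the tail of the year
    # ("14-03-24 ..." out of "2014-03-24 ..."), which the date filter below
    # cannot turn into the right instant. The leading ^ pins the match to the
    # start of the event so text inside the message body cannot be picked up
    # as the header.
    # Events that do not match are tagged _grokparsefailure; count or route
    # on that tag so unparsed lines are noticed.
    match => [ "message", "^%{TIMESTAMP_ISO8601:timestamp} \[%{NUMBER:pid}\] \[%{WORD:log_level}\] %{DATA:module}: %{GREEDYDATA:log_message}" ]
  }

  # Use the timestamp written by the application as the event time
  # (@timestamp) rather than the time Logstash read the line. A value that
  # does not fit the format leaves @timestamp untouched and adds the
  # _dateparsefailure tag.
  date {
    match => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]
  }
}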
output {
  # Print each parsed event with all of its fields, for checking the
  # pipeline interactively. The dump includes the full original message, so
  # treat the console output with the same care as the source log.
  stdout {
    codec => rubydebug
  }
}
@expl0ratory

input {
  stdin {
    # Merge continuation lines (stack traces and the like) into one event:
    # a line that does NOT begin with a yyyy-MM-dd date is appended to the
    # line before it.
    codec => multiline {
      pattern => "^(\d\d\d\d-\d\d-\d\d)"
      negate => true
      what => "previous"
      # NOTE(review): the date prefix is the only thing that separates
      # events. Logged values that can contain a line break followed by
      # date-shaped text will be split into an extra event, so the producing
      # application should escape CR/LF in what it logs.
    }
  }
}

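filter {
  # stuff-log filters

  # Split "<timestamp> [<pid>] [<level>] <module>: <text>" into named fields.
  grok {
    # TIMESTAMP_ISO8601 is used instead of DATESTAMP because the timestamp is
    # year-first: DATESTAMP only knows month-first / day-first dates and,
    # left unanchored, can only latch onto the tail of the year
    # ("14-03-24 ..." out of "2014-03-24 ..."), which the date filter below
    # cannot turn into the right instant. The leading ^ pins the match to the
    # start of the event so text inside the message body cannot be picked up
    # as the header.
    # Events that do not match are tagged _grokparsefailure; count or route
    # on that tag so unparsed lines are noticed.
    match => [ "message", "^%{TIMESTAMP_ISO8601:timestamp} \[%{NUMBER:pid}\] \[%{WORD:log_level}\] %{DATA:module}: %{GREEDYDATA:log_message}" ]
  }

  # Use the timestamp written by the application as the event time
  # (@timestamp). A value that does not fit the format leaves @timestamp
  # untouched and adds the _dateparsefailure tag.
  date {
    match => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]
    # add_field is applied only when the date match above succeeds.
    # NOTE(review): the field is set to false on every successfully dated
    # event, merged or not; presumably a later stage reads it. Confirm the
    # intent.
    add_field => {
        "continuation" => false
    }
  }

}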

output {
  # Print each parsed event with all of its fields, for checking the
  # pipeline interactively. The dump includes the full original message, so
  # treat the console output with the same care as the source log.
  stdout {
    codec => rubydebug
  }
}
