Skip to content

Instantly share code, notes, and snippets.

@ggirou

ggirou/logapp.conf

Created April 14, 2015 14:23
Show Gist options
  • Save ggirou/f6110adf7458ca2ffe5d to your computer and use it in GitHub Desktop.
Save ggirou/f6110adf7458ca2ffe5d to your computer and use it in GitHub Desktop.
Download ZIP
Logstash configuration
Raw
logapp.conf
input {
# stdin { }
file {
path => "/path/to/catalina.out*"
start_position => beginning
}
}
# %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %marker - %msg%n
filter {
multiline {
pattern => "^(\d\d:\d\d:\d\d.\d\d\d)"
negate => true
what => "previous"
}
grok {
match => { "message" => "%{JAVALOGBACK}" }
}
grok {
match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:server}/catalina.out-%{NONNEGINT:date}" }
}
mutate {
add_field => ["datetime", "%{date} %{time}"]
remove_field => [ "date", "time" ]
}
date {
match => [ "datetime" , "YYYYMMdd HH:mm:ss.SSS" ]
remove_field => [ "datetime" ]
}
}
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
# file { path => "/other/path/to/catalina.%{+yyyy.MM.dd.HH}" }
}
Raw
patterns_javalogback
JAVACLASS (?:[a-zA-Z0-9-]+\.)+[A-Za-z0-9$_]+
JAVAFILE (?:[A-Za-z0-9_. -]+)
JAVASTACKTRACEPART at %{JAVACLASS:class}\.%{WORD:method}\(%{JAVAFILE:file}:%{NUMBER:line}\)
MILLISECOND (\d{3})
JAVALOGBACKTIMESTAMP %{HOUR}:%{MINUTE}:%{SECOND}.%{MILLISECOND}
JAVALOGBACK %{JAVALOGBACKTIMESTAMP:time} \[%{HOSTNAME:thread}\] %{WORD:severity}\s+%{JAVACLASS:class} - %{WORD:marker} -
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment