gt50/pacs.conf

## pacs.conf
input {
      tcp {
              type => "pacs"
              port => 3517
      }
}
filter {
    if [type] == "pacs" {
        grok {
            match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel}  %{SYSLOG5424SD:logsource} \(Import:%{GREEDYDATA:studyuid}\) %{GREEDYDATA:action} Patient:%{GREEDYDATA:patienname}, PatientID:%{GREEDYDATA:patientid}, IPID:%{WORD:ipid}, Modality:%{WORD:modality}, Accession:%{WORD:accession}, StudyDate:%{YEAR:dosyear}%{MONTHNUM:dosmonth}%{MONTHDAY:dosday}"]
            match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel}  %{SYSLOG5424SD:logsource} \(InImageQueueEventGenerator\) %{GREEDYDATA:action} Patient:%{GREEDYDATA:patienname}, PatientID:%{GREEDYDATA:patientid}, IPID:%{WORD:ipid}, Modality:%{WORD:modality}, Accession:%{WORD:accession}, StudyDate:%{YEAR:dosyear}%{MONTHNUM:dosmonth}%{MONTHDAY:dosday}"]
		}
		date {
			match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
			timezone => "America/Los_Angeles"
		}
    }
}

output {
	if [type] == "pacs" {
		elasticsearch { host => localhost }
	}
}
	input {
	tcp {
	type => "pacs"
	port => 3517
	}
	}
	filter {
	if [type] == "pacs" {
	grok {
	match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel} %{SYSLOG5424SD:logsource} \(Import:%{GREEDYDATA:studyuid}\) %{GREEDYDATA:action} Patient:%{GREEDYDATA:patienname}, PatientID:%{GREEDYDATA:patientid}, IPID:%{WORD:ipid}, Modality:%{WORD:modality}, Accession:%{WORD:accession}, StudyDate:%{YEAR:dosyear}%{MONTHNUM:dosmonth}%{MONTHDAY:dosday}"]
	match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel} %{SYSLOG5424SD:logsource} \(InImageQueueEventGenerator\) %{GREEDYDATA:action} Patient:%{GREEDYDATA:patienname}, PatientID:%{GREEDYDATA:patientid}, IPID:%{WORD:ipid}, Modality:%{WORD:modality}, Accession:%{WORD:accession}, StudyDate:%{YEAR:dosyear}%{MONTHNUM:dosmonth}%{MONTHDAY:dosday}"]
	}
	date {
	match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
	timezone => "America/Los_Angeles"
	}
	}
	}

	output {
	if [type] == "pacs" {
	elasticsearch { host => localhost }
	}
	}