janorn
janorn
/ logstash.conf
Created
April 29, 2016 17:51
— forked from ollyg/logstash.conf
logstash config and filter to fully parse a syslog message (PRI, timestamp, host)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| # strip the syslog PRI part and create facility and severity fields. | |
| # the original syslog message is saved in field %{syslog_raw_message}. | |
| # the extracted PRI is available in the %{syslog_pri} field. | |
| # | |
| # You get %{syslog_facility_code} and %{syslog_severity_code} fields. | |
| # You also get %{syslog_facility} and %{syslog_severity} fields if the | |
| # use_labels option is set True (the default) on syslog_pri filter. | |
| grok { | |
| type => "syslog-relay" |