Created
March 6, 2013 11:08
Logstash configuration file that allows you to parse an old file with the correct timestamps via:
"nc localhost 3333 < yourlogfile.log "
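# Replays an existing HAProxy log file through Logstash so that each event is
# stamped with the time recorded in its log line, not the time it was received.
input {
  tcp {
    type => "haproxy"
    # Listen on loopback only. The file is fed in locally with nc, and without
    # 'host' the tcp input accepts connections on every interface, so any
    # machine that can reach the port could write events into the index.
    host => "127.0.0.1"
    port => 3333
  }
}
filter {
  grok {
    type => "haproxy"
    # See the following URL for a complete list of named patterns
    # logstash/grok ships with by default:
    # https://github.com/logstash/logstash/tree/master/patterns
    #
    # The grok filter will use the below pattern and on successful match use
    # any captured values as new fields in the event.
    pattern => "%{HAPROXYHTTP}"
  }
  date {
    type => "haproxy"
    # Take the event time from the 'syslog_timestamp' field, using the two
    # syslog-style formats listed below (single- and double-digit day).
    # NOTE(review): these formats carry no year and no time zone, so check how
    # lines from an earlier year or another zone are dated before relying on
    # the result for a timeline.
    # NOTE(review): syslog usually pads a single-digit day with an extra space
    # ("Mar  6"); confirm the first format still matches such lines.
    syslog_timestamp => ["MMM d HH:mm:ss", "MMM dd HH:mm:ss"]
  }
}
output {
  elasticsearch {
    # Setting 'embedded' will run a real elasticsearch server inside logstash.
    # This option below saves you from having to run a separate process just
    # for ElasticSearch, so you can get started quicker!
    # NOTE(review): the embedded server presumably opens the usual
    # Elasticsearch ports without authentication; confirm which interfaces it
    # binds to before running this on a networked host.
    embedded => true
  }
}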