Last active
August 29, 2015 14:10
-
-
Save khebbie/42d72d212cf3727a03a0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
input { | |
udp { | |
port => 3334 | |
codec => json_lines | |
type => "system_logs" | |
} | |
udp { | |
port => 3333 | |
codec => json_lines | |
type => "business_logs" | |
} | |
file { | |
path => ["/var/log/apache2/other_vhosts_access.log"] | |
type => "apache" | |
} | |
} | |
filter { | |
if [type] == "apache" { | |
grok { | |
# See the following URL for a complete list of named patterns | |
# logstash/grok ships with by default: | |
# https://github.com/logstash/logstash/tree/master/patterns | |
# | |
# The grok filter will use the below pattern and on successful match use | |
# any captured values as new fields in the event. | |
match => { "message" => "%{COMBINEDAPACHELOG}" } | |
} | |
date { | |
# Try to pull the timestamp from the 'timestamp' field (parsed above with | |
# grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700" | |
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] | |
} | |
} | |
} | |
output { | |
if [type] == "system_logs" { | |
elasticsearch { | |
embedded => true | |
index => "system_logs-index" | |
} | |
} else { | |
elasticsearch { | |
embedded => true | |
index => "business_logs-index" | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment