Logstash Config File for Parsing HTTP Logs
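# Tail the Apache access log and tag each event with a type.
input {
  file {
    path => ["/opt/gen_logs/logs/access.log"]
    type => "apache_access"
  }
}

filter {
  # Parse each line as combined log format, falling back to common log format.
  # Anything after the standard fields is captured in extra_fields.
  # The field names used below (clientip, response, bytes, agent) are the
  # legacy, non-ECS names produced by these patterns.
  grok {
    match => {
      "message" => [
        "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}",
        "%{COMMONAPACHELOG}+%{GREEDYDATA:extra_fields}"
      ]
    }
    overwrite => [ "message" ]
  }

  # Cast numeric fields so they can be aggregated downstream, and copy the
  # event timestamp into rounded_timestamp as a string.
  mutate {
    convert => {
      "response"          => "integer"
      "bytes"             => "integer"
      "responsetime"      => "float"
      "rounded_timestamp" => "string"
    }
    add_field => { "rounded_timestamp" => "%{@timestamp}" }
  }

  # Enrich the event with location data for the client IP address.
  geoip {
    source  => "clientip"
    target  => "geoip"
    add_tag => [ "apache-geoip" ]
  }

  # Round rounded_timestamp down to the minute: keep 'YYYY-MM-DDTHH:MM:'
  # (the first 17 characters) and zero out seconds and milliseconds.
  ruby {
    code => "
      timestamp_stripped = event.get('rounded_timestamp')[0..16] + '00.000Z'
      event.set('rounded_timestamp', timestamp_stripped)
    "
  }

  # Split the User-Agent string into browser, OS and device fields.
  useragent {
    source => "agent"
  }
}

# Publish each event as JSON to the retail_logs Kafka topic.
# No security_protocol is set, so the plugin default (PLAINTEXT) applies:
# events, including client IPs, cross the network unencrypted.
output {
  kafka {
    codec             => json
    topic_id          => "retail_logs"
    bootstrap_servers => "mapr02.itversity.com:9092,mapr03.itversity.com:9092,mapr04.itversity.com:9092"
  }
}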