logback & logstash pattern for elasticsearch
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configurations -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>

  <!-- Shared line layout (identical in both appenders):
         [timestamp] [host] [thread] LEVEL logger@method:line - message
       The Logstash multiline and grok patterns in this gist parse exactly this
       shape, so any change here has to be mirrored there. -->

  <!-- NOTE(review): %msg is written as-is. If the application logs strings that
       come from requests or other external input, embedded line breaks let one
       entry look like several, and the Logstash side uses the line prefix as its
       only event boundary. One option is to neutralise CR/LF at this point, e.g.
       %replace(%msg){'[\r\n]', '_'}, at the cost of flattening legitimate
       multi-line messages. -->

  <!-- NOTE(review): %method and %line need caller data, which logback documents
       as comparatively slow to compute; confirm that is acceptable on hot paths. -->

  <!-- Console output, mainly for interactive runs and container stdout. -->
  <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>[%d{yyyy-MM-dd HH:mm:ss.SSS}] [${HOSTNAME}] [%thread] %level %logger{36}@%method:%line - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- Daily rolling file; this is the file set the Logstash file input tails. -->
  <appender name="file" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <!-- One file per calendar day. Placeholder path: replace it, and keep the
           directory readable only by the application and the log shipper, since
           log lines can carry sensitive values. -->
      <fileNamePattern>/path/to/logbach/log/project.%d{yyyy-MM-dd}.log</fileNamePattern>
      <!-- Retention is bounded by count only (100 daily files). There is no size
           bound here; newer logback versions offer totalSizeCap for that. -->
      <maxHistory>100</maxHistory>
    </rollingPolicy>
    <encoder>
      <pattern>[%d{yyyy-MM-dd HH:mm:ss.SSS}] [${HOSTNAME}] [%thread] %level %logger{36}@%method:%line - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- Per-library thresholds: frameworks at INFO... -->
  <logger name="org.springframework" level="INFO"/>
  <logger name="org.hibernate" level="INFO"/>
  <logger name="org.apache.catalina" level="INFO"/>

  <!-- ...and the chattier Apache libraries restricted to ERROR. -->
  <logger name="org.apache.commons" level="ERROR"/>
  <logger name="org.apache.velocity" level="ERROR"/>
  <logger name="org.apache.tiles" level="ERROR"/>

  <!-- Everything else logs at INFO and goes to both appenders. -->
  <root level="INFO">
    <appender-ref ref="console"/>
    <appender-ref ref="file"/>
  </root>

</configuration>
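# Logstash pipeline for the logback layout used in this gist:
#   [timestamp] [host] [thread] LEVEL logger@method:line - message
input {
  # Tail the daily files written by the logback "file" appender.
  file {
    type => "logType"
    path => ["/path/to/logbach/log/*.log"]
  }
}

filter {
  # Every line that does NOT start with the
  # "[timestamp] [host] [thread] LEVEL " prefix is appended to the previous
  # event, which keeps stack traces and multi-line messages in one event.
  # NOTE(review): this prefix is the only event boundary. A logged string that
  # contains a line break followed by text shaped like the prefix is split into
  # a separate event, so line breaks in logged external input should be
  # neutralised on the logback side, and events should not be trusted as
  # one-to-one with application log calls otherwise.
  # NOTE(review): later Logstash releases replace the multiline filter with the
  # multiline codec on the input; check what your version ships.
  multiline {
    pattern => '^(?m)\[%{TIMESTAMP_ISO8601}\] \[%{HOSTNAME}\] \[%{DATA}\] %{LOGLEVEL} '
    negate => true
    what => previous
  }

  # Split the event into fields. The original used the deprecated `pattern`
  # setting here; it is written as `match` on "message" (the field `pattern`
  # applied to) so both grok blocks use the same, supported form.
  grok {
    match => [
      "message", "(?m)\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{HOSTNAME:host}\] \[%{DATA:thread}\] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} \- %{GREEDYDATA:message}"
    ]
    # Replace the existing host/message fields with the captured values.
    # NOTE(review): "host" then comes from the text of the log line rather than
    # from the input, so it is only as trustworthy as whatever wrote the file.
    overwrite => [
      "host",
      "message"
    ]
    # Convenience field combining the call site.
    add_field => {
      "code" => "%{class}@%{method}:%{line}"
    }
  }

  # Retry with a message capture that matches CR/LF explicitly when the first
  # attempt failed.
  # NOTE(review): nothing here removes the _grokparsefailure tag set by the
  # first attempt, so it stays on the event even if this retry matches.
  if "_grokparsefailure" in [tags] {
    grok {
      match => [
        "message", "(?m)\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{HOSTNAME:host}\] \[%{DATA:thread}\] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} \- (?<message>(.|\r|\n)*)"
      ]
      overwrite => [
        "host",
        "message"
      ]
      add_field => {
        "code" => "%{class}@%{method}:%{line}"
      }
    }
  }

  # Use the application's own timestamp as the event time.
  # NOTE(review): the logback layout writes no zone offset and no timezone is
  # set here, so the value is presumably read in the Logstash host's zone.
  # Confirm this, or set the date filter's timezone option, before correlating
  # timelines across hosts.
  date {
    match => [
      "timestamp" , "YYYY-MM-dd HH:mm:ss.SSS"
    ]
    target => "@timestamp"
  }
}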