Created September 27, 2016 11:39
Gist: marji/24494c3ae934a17d6f512ca855c0de69
drupal watchdog logstash config
# logstash indexer filter for drupal watchdog
#
# See: https://events.drupal.org/dublin2016/sessions/building-high-available-elk-drupal
#
filter {
  grok {
    # SYSLOGWATCHDOG is a custom pattern, so its definition file must be in a
    # directory grok loads patterns from (for example one listed in patterns_dir).
    match => { "message" => "%{SYSLOGWATCHDOG}" }
  }
  date {
    locale => "en"
    # "MMM  d" (two spaces) covers syslog's space-padded single-digit days.
    match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z", "MMM  d HH:mm:ss", "MMM d HH:mm:ss", "dd-MMM-yyyy HH:mm:ss ZZZ" ]
  }
}
# Drupal watchdog pattern for logstash grok filter
# - based on https://gist.github.com/Synchro/5917252
#
# See: https://events.drupal.org/dublin2016/sessions/building-high-available-elk-drupal
#
WATCHDOG https?://%{HOSTNAME:drupal_vhost}\|%{NUMBER:drupal_timestamp}\|(?<drupal_action>[^\|]*)\|%{IP:drupal_ip}\|(?<drupal_request_uri>[^\|]*)\|(?<drupal_referer>[^\|]*)\|(?<drupal_uid>[^\|]*)\|(?<drupal_link>[^\|]*)\|(?<drupal_message>.*)
#
SYSLOGWATCHDOG %{SYSLOGTIMESTAMP:logdate} %{IPORHOST:logsource} %{SYSLOGHOST:syslogprog}: %{WATCHDOG}
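
An added example, not part of the gist: a Python translation of the WATCHDOG and SYSLOGWATCHDOG patterns above, run over constructed log lines, showing which fields a matching line yields, what a non-watchdog line does, and how a literal "|" inside a field shifts the later columns. The hostname, IP and syslog-prefix sub-patterns are simplified stand-ins for the grok library definitions, and the names parse_watchdog and fields_look_shifted are hypothetical.

```python
import re

# Python translation of the WATCHDOG / SYSLOGWATCHDOG grok patterns above.
# HOSTNAME, IP and the syslog prefix use simplified stand-ins (assumptions).
WATCHDOG = (
    r"https?://(?P<drupal_vhost>[A-Za-z0-9.-]+)"
    r"\|(?P<drupal_timestamp>\d+)"
    r"\|(?P<drupal_action>[^|]*)"
    r"\|(?P<drupal_ip>[0-9A-Fa-f.:]+)"
    r"\|(?P<drupal_request_uri>[^|]*)"
    r"\|(?P<drupal_referer>[^|]*)"
    r"\|(?P<drupal_uid>[^|]*)"
    r"\|(?P<drupal_link>[^|]*)"
    r"\|(?P<drupal_message>.*)"
)
SYSLOGWATCHDOG = re.compile(
    r"(?P<logdate>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<logsource>\S+) (?P<syslogprog>\S+): " + WATCHDOG
)

def parse_watchdog(line):
    """Return the extracted fields, or None (grok would tag _grokparsefailure)."""
    m = SYSLOGWATCHDOG.match(line)
    return m.groupdict() if m else None

def fields_look_shifted(fields):
    """drupal_uid should be a numeric user id; anything else means a literal
    "|" inside an earlier field moved the columns."""
    return not fields["drupal_uid"].isdigit()

# Constructed sample lines (not from the gist).
SAMPLES = [
    "Sep 27 11:39:02 web01 drupal: https://www.example.com|1474976342|user|203.0.113.7|https://www.example.com/user/login|https://www.example.com/|0||Login attempt failed for admin.",
    # A literal "|" in the request URI: every later field lands one column late.
    "Sep 27 11:39:05 web01 drupal: https://www.example.com|1474976345|page not found|203.0.113.7|https://www.example.com/a|b|https://www.example.com/|0||a|b",
    # Not a watchdog line at all: no match.
    "Sep 27 11:39:09 web01 sshd[812]: Accepted publickey for deploy",
]

if __name__ == "__main__":
    for line in SAMPLES:
        fields = parse_watchdog(line)
        status = "no match" if fields is None else (
            "SHIFTED" if fields_look_shifted(fields) else "ok")
        print(status, fields)
```

Because the pattern accepts any non-pipe text for drupal_uid, a shifted line still matches; a type check on that field downstream is what surfaces it.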