Skip to content

Instantly share code, notes, and snippets.

@marji

marji/logstash_indexer.conf

Created September 27, 2016 11:39
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save marji/24494c3ae934a17d6f512ca855c0de69 to your computer and use it in GitHub Desktop.
Save marji/24494c3ae934a17d6f512ca855c0de69 to your computer and use it in GitHub Desktop.
Download ZIP
drupal watchdog logstash config
Raw
logstash_indexer.conf
# logstash indexer filter for drupal watchdog
#
# See: https://events.drupal.org/dublin2016/sessions/building-high-available-elk-drupal
#
filter {
grok {
match => { "message" => "%{SYSLOGWATCHDOG}" }
}
date {
locale => "en"
match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z", "MMM d HH:mm:ss" , "MMM d HH:mm:ss", "dd-MMM-yyyy HH:mm:ss ZZZ" ]
}
}
}
Raw
logstash_patterns
# Drupal watchdog pattern for logstash grok filter
# - based on https://gist.github.com/Synchro/5917252:
#
# See: https://events.drupal.org/dublin2016/sessions/building-high-available-elk-drupal
#
WATCHDOG https?://%{HOSTNAME:drupal_vhost}\|%{NUMBER:drupal_timestamp}\|(?<drupal_action>[^\|]*)\|%{IP:drupal_ip}\|(?<drupal_request_uri>[^\|]*)\|(?<drupal_referer>[^\|]*)\|(?<drupal_uid>[^\|]*)\|(?<drupal_link>[^\|]*)\|(?<drupal_message>.*)
#
SYSLOGWATCHDOG %{SYSLOGTIMESTAMP:logdate} %{IPORHOST:logsource} %{SYSLOGHOST:syslogprog}: %{WATCHDOG}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment